The cybersecurity world got a great start in 2021 with the takedown of the powerful Emotet trojan. The operation that spanned two years, was successfully accomplished in a coordinated effort from law enforcement agencies and security professionals from across the world. However, there is still tension in the air.

When Emotet roared in the wild

  • As of December 2020, Emotet was the world’s popular malware, affecting 7% of organizations.
  • Its massive presence made it an attractive vector for attackers looking to deploy a variety of malware, including ransomware.
  • The malware also enabled cybercriminals to expand their infection base by sending spam as a botnet or collecting credentials in phishing attacks.
  • By the time law enforcement intervened, Emotet had infected more than 1.6 million machines and caused hundreds of millions of dollars in damage.

Takedown brings a sigh of relief

  • In 2020, Emotet along with Trickbot and ZLoader contributed to 78% of the overall loader volume.
  • However, after the takedown, there has been a drastic drop in the activity since January 26.

Is the celebration short-lived?

  • While the takedown operation was no less than a herculean task, there still remains uncertainty about the comeback of Emotet.
  • Microsoft has warned customers not to let their guard down even after Emotet’s disruption.
  • Telemetry collected by the firm revealed that the trojan was very active, launching massive campaigns every week, just before the takedown. Given the reach and role in the deployment of payloads, Emotet remains a big security threat for organizations.
  • It is also likely that the operators would be preparing themselves to return with a vengeance to launch more catastrophic attacks.

Key takeaways

For now, the takedown has disrupted the global operations of Emotet. For those fearing being infected with Emotet, the takedown is good news. The operation also likely gave law enforcement agencies a greater understanding of how the trojan works, which may contribute to long-lasting efforts to eliminate the botnet, in case if it resurfaces. Unfortunately, Emotet’s absence may prove beneficial for other trojan families. Commenting on the matter, Check Point’s head of threat intelligence, Lotem Finkelsteen said, “There is no vacuum in the cyber-threat landscape. Now that Trickbot cannot buy any infected computers or network from Emotet, it doesn't mean that they won't look for other botnets to do that.”

Cyware Publisher