Party’s over for Emotet, One of the World’s Most Feared Botnets
Emotet, one of the most notorious botnets of the past decade, was taken down in a joint operation by Europol and Eurojust in January 2021. A cyber security researcher also confirmed that a new module had been sent to the infected devices via Emotet's own update mechanism, ordering the uninstallation of the malware on 25th April 2021. The takedown operation and the issuance of the Emotet self-uninstallation module signalled the end of this long-time cyber threat.
What is Emotet?
Impact of Emotet in Recent Years
Overseas cyber security researchers found that later spreads of Emotet used a malware dropper to load ransomware and other banking trojans with worm-like capabilities, which would cause actual damage to the affected systems. Among other incidents, Emotet would disguise itself as an email sent by a disability welfare service provider to potential victims, with an "infection report"-like document embedding the malicious script. In 2020, it also launched attacks using the theme of COVID-19.
Emotet attacks had been happening across the globe in the past few years, incurring significant losses for individuals, companies, and even governments. One of the most serious incidents happened in 2019, when the German city of Frankfurt was forced to shut down its IT network for a week to stop the spread of the malware.
Throughout the years, HKCERT has been monitoring Emotet infections in Hong Kong, alerting related Internet Service Providers (ISPs) from time to time. Although Emotet has been taken down by law enforcement overseas, HKCERT urges both individuals and organisations to stay vigilant and pay extra attention to any malware attacks, and adopt the following preventive measures:
- Do not open email attachments from unknown senders. Carefully verify the sender and content to make sure the email is legitimate before opening any attachment;
- Update the systems regularly;
- Install security software and keep the software and virus signature updated;
- Use strong passwords; and
- Enable two-factor authentication (2FA) whenever possible.