For over a decade, Emotet was a menace to the entire world and grew to be one of the most dangerous botnets of all time. However, a global law enforcement operation finally took it down, and it can be safely said that the malware’s reign is over.

Overview

Dubbed Operation LadyBird, the takedown of Emotet’s infrastructure was a joint effort by law enforcement agencies from the U.S., the U.K., Canada, the Netherlands, France, Germany, Ukraine, and Lithuania, along with private security researchers, Europol, and Eurojust.

Plan execution

Emotet’s infrastructure was taken down from the inside, and its various C2 servers across the world have been seized. All the infected machines have been redirected to infrastructure controlled by law enforcement, disrupting the activities of the gang.

Emotet has been a launching pad for other malware families whose goal is to steal financial data and encrypt corporate networks. This implies that if a network is infected by Emotet, IcedID, TrickBot, Qbot, Ursnif, or Dridex malware might also be present.

Crucier

Although this comes as a sigh of relief, the Dutch Police has warned potential victims to check for infection using the “Emotet Checker” tool it developed. Even though the takedown of Emotet can disrupt malware operations for a short period, in the bigger scheme of things, malware families will still live on without Emotet.