Last Chance for Forensics Teams Ahead of Emotet Sunday Deadline

IT security teams have until Sunday to hunt for evidence of Emotet infection, and potentially related malware, before the notorious botnet is removed from all infected devices worldwide, experts have warned.

Back in January, Europol announced that law enforcers had been able to seize the infrastructure used by Emotet in a coordinated international operation.

On Sunday April 25, they will deliver an update file (EmotetLoader.dll) designed to erase the malware from all infected machines globally.

While Emotet started life as a banking Trojan, in recent years it grew into a more complex, modular threat. Among other things, it was used to gain initial access to organizations — access which could then be sold to ransomware groups and other gangs to deploy further malware.

Those who were infected with Emotet but don’t know it yet therefore have just days to carry out vital forensics, argued Redscan threat intelligence analyst Mariya Grozdanova.

“The run key in the Windows registry of infected devices will be removed to ensure that Emotet modules are no longer started automatically and all servers running Emotet processes are terminated. However, it’s important to note that the switch-off does not remove other malware that has been installed on an infected computer via Emotet,” she explained.

“This leaves security teams with only a few more days to uncover Emotet artifacts and whether their organization has been compromised by Emotet, as well as to establish whether other related malware exists on their networks. Unless proper forensic analysis is conducted now, security teams will miss a unique opportunity to identify malware strains that may have the same MO as E ..
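The quote above describes the Windows registry Run key that the clean-up routine removes and urges teams to look for Emotet artifacts before then. As an added example (not code from the article, Redscan or the law enforcement operation), the PowerShell below enumerates the standard Run and RunOnce autostart keys, records each entry's command line and the SHA-256 of the launched executable, and flags entries that start from user-writable locations so an analyst can review those first. The user-writable path patterns are constructed assumptions for generic persistence triage, not published Emotet indicators.

```powershell
# Added example: triage Windows Run/RunOnce autostart entries for review.
# Not Emotet-specific; the flagged-path list below is a constructed assumption.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Locations that need no admin rights to write to; entries launching from
# here deserve a closer look (constructed patterns, not indicators).
$userWritablePatterns = @(
    '\\AppData\\Local\\',
    '\\AppData\\Roaming\\',
    '\\Temp\\',
    '\\ProgramData\\',
    '\\Users\\Public\\'
)

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the PS* metadata properties Get-ItemProperty attaches.
            if ($prop.Name -like 'PS*') { continue }
            $cmd = [string]$prop.Value

            $suspicious = $false
            foreach ($pat in $userWritablePatterns) {
                if ($cmd -match $pat) { $suspicious = $true; break }
            }

            # Pull the executable out of the command line (quoted or first token)
            # so its hash can go into the case file.
            $exe = $null
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] }
            elseif ($cmd -match '^(\S+)') { $exe = $Matches[1] }

            $hash = $null
            if ($exe -and (Test-Path $exe)) {
                $hash = (Get-FileHash -Path $exe -Algorithm SHA256).Hash
            }

            [pscustomobject]@{
                Key        = $key
                Name       = $prop.Name
                Command    = $cmd
                Executable = $exe
                SHA256     = $hash
                FlagReview = $suspicious
            }
        }
    }
}

# Preserve the full listing for the case file, then show flagged rows first.
$entries = Get-AutostartEntries
$entries | Export-Csv -Path "$env:TEMP\autostart_review.csv" -NoTypeInformation
$entries | Where-Object FlagReview | Format-Table -AutoSize
```

Run it on each host before the clean-up executes, since afterwards the Run key evidence the quote refers to will be gone; the CSV keeps the pre-removal state for later comparison, and the recorded hashes can be checked against whatever intelligence the team has on Emotet and the secondary payloads it delivered.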