International Action Targets Emotet Crimeware

2021-01-27 14:20

Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections.

Emotet relies on several hierarchical tiers of control servers that communicate with infected systems.

"All infected computer systems will automatically retrieve the update there, after which the Emotet infection will be quarantined. Simultaneous action in all the countries concerned was necessary to be able to effectively dismantle the network and thwart any reconstruction."

A statement from the German Federal Criminal Police Office about their participation in Operation Ladybird said prosecutors seized 17 servers in Germany that acted as Emotet controllers.

Because Emotet is typically used to install additional malware that gets its hooks deeply into infected systems, cleaning up after it is going to be far more complicated and may require a complete rebuild of compromised computers.

A single Emotet infection can often lead to multiple systems on the same network getting compromised.

News URL

https://krebsonsecurity.com/2021/01/international-action-targets-emotet-crimeware/