[German]CERT-Bund informs that the cyber criminals behind the malware Emotet are currently rolling out new malware via their Command & Control servers (C&C servers). In addition, German city of Neustadt am Rübenberge has been infected by Emotet.
Advertising
CERT-Bund warns
At the end of August 2019 I had reported that the remote cyber criminals had returned after a 'summer break' and booted the C&C servers. I had this in the blog post CERT-Bund warns: Emotet is back, C&C servers online again. There you can also find hints about Emotet. Now I just came across a warning of the CERT-Bund about the following tweet, which points to the following facts.
Seit einigen Stunden liefern die #Emotet C&C-Server neue Versionen der #Schadsoftware aus. Diese enthalten auch neue C&C-Adressen.
Aktuelle Blocklisten gibt es wie immer bei @Cryptolaemus1. #BlockNow!— CERT-Bund (@certbund) September 10, 2019
The tweet from German CERT-Bund warns about the Emotet trojan. They say, the malware Emotet are currently dpwnloading new malware via their Command & Control servers (C&C servers). The following tweet addresses the same topic:
Emotet is back ! pic.twitter.com/QJZlGgDzId
— Raashid Bhat (@raashidbhatt) August 23, 2019
Administrators who block the relevant C&C servers in their network firewalls must therefore react. The following tweet specifies the Pastebin address with the latest block lists.
Advertising
Updated again as of 13:45 EDT with 1 additional C2 for E2 from @lazyactivist192
"+" added infront of the new C2 additions. Block this stuff now!https://t.co/TqsgNQB1TM— Cryptolaemus (@Cryptolaemus1) September 9, 2019
To late for Neustadt
German site heise reported here, that the city council of Neustadt am Rübenberge was just recently infected by Emotet. Until next Friday the local network of the city administration remains switched off. Neustadt am Rübenberge is located near Hanover (i.e. Heise-Land). According to German site NDR several offices of the city have become victims of the blackmail Trojan Emotet. The Emotet infection was probably caused by an infected e-mail attachment.
Until the end of the week the computers may not be used and the city administration is therefore at present only limited able to work. The car registration office is closed, the employees have no e-mail function. It is also not currently possible to apply for identity cards or passports.
