Emotet Malware has been automatically uninstalled on April 25, 2021

As of April 25, 2021, the Emotet malware has been automatically removed from infected Windows machines. This was done through a cleanup routine that international law enforcement had pushed to the infected systems back in January 2021, after taking over the botnet's infrastructure.

Emotet: A review

Emotet is a family of malware that spreads as macro-laden Office documents attached to very genuine-looking emails. When a recipient opens the attachment and enables the macros, further modules with malicious functions are downloaded and executed. The Emotet group has been responsible for numerous successful ransomware attacks against companies, government agencies and institutions worldwide. At the time, Emotet was considered the most dangerous malware in the world; it infected a large number of IT systems belonging to companies, authorities and institutions, in addition to the computers of hundreds of thousands of private individuals.

As a so-called "downloader," Emotet's job was to infect a victim system unnoticed and then fetch further malware, for example to manipulate online banking, to steal stored passwords, or to encrypt the system for extortion. Access to this "botnet" built by the perpetrators, together with the delivery of arbitrary malware to the infected machines, was offered for a fee in the "underground economy". Emotet's criminal business model can therefore be described as "malware-as-a-service." I have covered the malware extensively in the articles linked at the end of this post.

Infrastructure takeover and uninstallation

By taking over the Emotet Command & Control (C&C) servers in January 2021, law enforcement was able to modify the malware's update mechanism via those C&C servers, push their own module to the infected victim systems, and disable the malware's functions at the same time. From then on, the victim systems could only communicate with the C&C servers under law enforcement control.

In the blog post Details of Emotet uninstallation by law enforcement officials, I already reported that law enforcement had delivered an uninstall routine to the infected systems and planned to have it remove the Emotet malware automatically on April 25, 2021. The routine simply deletes all services related to Emotet. In addition, the Run key entry in the Windows registry is removed, so that no more Emotet modules are started automatically, and all running Emotet processes are terminated. These steps were also listed in a tweet.
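The three persistence locations the post says the uninstall routine touched (services, the Run key, running processes) are also the places an administrator should check after April 25 to confirm the cleanup took effect. The PowerShell script below is an added example written for this post; it is not the law-enforcement module and not code from the original article. It enumerates the Run keys, services and processes and flags entries whose executable lives in a user-writable directory. That heuristic is a generic assumption about where commodity malware likes to persist, not an Emotet indicator, so flagged entries need a manual look rather than automatic deletion.

```powershell
# Added example, not part of the original post or the BKA uninstall module.
# Lists the persistence locations the uninstall routine touched (Run keys,
# services, processes) and flags binaries that live in user-writable folders.
# The "user-writable path" heuristic is an assumption, not an Emotet IOC.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directories a non-admin user can write to; anything persisting from here
# deserves review (assumed heuristic, adjust to your environment).
$userWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP,
                  "$env:SystemDrive\Users\Public")

function Get-ExecutablePath {
    # Extract the executable from a command line such as
    #   "C:\Users\x\AppData\Local\foo\bar.exe" /arg   or   C:\foo\bar.exe /arg
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

function Test-UserWritablePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $false }
    $exe = Get-ExecutablePath $CommandLine
    foreach ($dir in $userWritable) {
        if ($dir -and $exe.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# 1. Run keys: every value name and its command line
$psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -in $psNoise) { continue }
        $flag = if (Test-UserWritablePath ([string]$prop.Value)) { 'REVIEW' } else { 'ok' }
        "[$flag] Run  $key\$($prop.Name) = $($prop.Value)"
    }
}

# 2. Services: Get-Service does not expose the binary path, so use CIM
Get-CimInstance Win32_Service | ForEach-Object {
    $flag = if (Test-UserWritablePath $_.PathName) { 'REVIEW' } else { 'ok' }
    "[$flag] Svc  $($_.Name) ($($_.State)) = $($_.PathName)"
}

# 3. Running processes whose image sits in a user-writable directory
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    if (Test-UserWritablePath $_.Path) {
        "[REVIEW] Proc $($_.Id) $($_.Name) = $($_.Path)"
    }
}
```

Run it in an elevated PowerShell session so that HKLM and all processes are visible; a clean system should show no REVIEW lines, and any that appear are candidates for a closer look rather than proof of a remaining infection.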

On April 25, 2021, the time had come, as the colleagues at Bleeping Computer noted here. There you can read that the German Federal Criminal Police Office (BKA) was responsible for this uninstall functionality.

Similar articles:
EmoCrash protected systems for 6 months against Emotet infections
Cryptolaemus and the fight against Emotet
Microsoft warns of massive Emotet campaign
Warning about a new Emotet ransomware campaign (Sept. 2020)
Emotet Trojan can overload computers on the network
Emotet C&C servers deliver new malware
FAQ: Responding to an Emotet infection
Emotet malware comes as a supposed Word update
New Emotet Campaign during the Holidays 2020
German BKA initiate a takedown of Emotet malware infrastructure
Emotet reportedly uninstalls itself on April 25, 2021
Details of Emotet uninstallation by law enforcement officials
