Emotet botnet reactivated after two month break
Emotet returns following summer holiday
The Emotet botnet is back up-and-running following a summer break, with security firms reporting that command-and-control servers have been quietly reactivated.
The botnet fell silent at the beginning of June, although researchers forecast that it wouldn't stay down for long.
According to specialist security website BleepingComputer, the network was as likely to have been taken down for maintenance as it was to enable its operators to have a long summer holiday in the Crimea. Ransomware and Trojans linked to Emotet don't target potential victims in the CIS to avoid attracting the interest of Russian law enforcement.
Cofense Labs was the first security firm to notice that the botnet had been reactivated. "The Emotet botnet arose from the grave yesterday and began serving up new binaries.
"We noticed that the C2 servers began delivering responses to POST requests around 3PM EST on Aug 21. Stay vigilant and keep an eye out for any updates as we monitor for any changes," the company tweeted late on Thursday.
A list of active servers has been published on Github by security firm Black Lotus Labs. The botnet has not been involved in any new campaigns - yet.
Originally supporting a banking Trojan of the same name when it was first started up in 2014, it quickly switched to distributing other forms of malware. It has since been linked with the Trickbot banking Trojan and the Ryuk ransomware.
However, it will be some time before a fresh campaign is launched, with the gang behind Emotet having to grab new bots (compromised PCs and servers), remove anti-virus bots, test their malware against a range of anti-virus and other security solutions, and drum-up new clients.
Earlier this year when it was still active, Recorded Future claimed that Latin America was the epicentre of Emotet Trojan activity.
Back in 2017, following another short break, Emotet returned with what was described as a polymorphic Trojan, capable of evading detection by anti-virus software.