In January this year, law enforcement agencies in Europe and North America joined forces as part of a coordinated effort to disrupt and take down the Emotet botnet.
“On Sunday, November 14, at around 9:26pm UTC we observed on several of our Trickbot trackers that the bot tried to download a DLL to the system. According to internal processing, these DLLs have been identified as Emotet… Currently, we have high confidence that the samples indeed seem to be a re-incarnation of the infamous Emotet,” asserts GData.
Back from the dead?
The Emotet malware had evolved into the go-to solution for cybercriminals who used its infrastructure to gain access to targeted systems on a global scale. Its operators then sold this access to other cybercrime groups for deploying ransomware including Ryuk, Conti, ProLock, Egregor, and several others.
Reporting on the development, BleepingComputer notes that, in an apparent change of tactics, the threat actors behind Emotet’s revival are rebuilding the botnet on top of TrickBot's existing infrastructure, in a campaign dubbed “Operation Reacharound”.
Emotet research group Cryptolaemus has begun analyzing the new Emotet loader, and has detected changes compared to the past.
"So far we can definitely confirm that the command buffer has changed. There's now 7 commands instead of 3-4. Seems to be various execution options for downloaded binaries (since it's not just DLLs)," noted Cryptolaemus researchers.
The researchers also noted that, although they have not yet seen the Emotet botnet sending spam or found any malicious documents dropping the malware, it is only a matter of time.
"It is an early sign of the possible impending Emotet malware activity fueling major ransomware operations globally given the shortage of the commodity loader ecosystem," Advanced Intel's Vitali Kremez told BleepingComputer.