Emotet malware destroys itself from all infected computers


Emotet, the email-based Windows malware behind numerous botnet-driven spam campaigns and ransomware attacks, was automatically deleted from infected computers following a European law enforcement operation.

The development came after three months of coordinated disruption of Emotet as part of “Operation Ladybird” to seize control of servers used to run and maintain the malware network.

Due to the operation, at least 700 servers associated with the botnet’s infrastructure was made ineffective from the inside, thus preventing further exploitation.

The law enforcement authorities from the Netherlands, Germany, the U.S., U.K., France, Lithuania, Canada, and Ukraine were involved in the international action.

Earlier, the Dutch police stated that it had deployed a software update to counter the threat posed by Emotet effectively. All infected computer systems will automatically retrieve the update there, after which the Emotet infection will be quarantined.

This involved pushing a 32-bit payload named “EmotetLoader.dll” via the same channels that were used to distribute the original Emotet to all compromised machines. The cleanup routine, which was set to trigger itself automatically on April 25, 2021, worked by removing the malware from the device, in addition to deleting the autorun Registry key and terminating the process.

Now, the cybersecurity firm Malwarebytes confirmed that its Emotet-infected machine that had received the law enforcement payload had successfully initiated the uninstallation routine and removed itself from the Windows system.

At present, the’s Feodo Tracker shows that none of the Emotet servers are online.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Botnet backdoors Microsoft Exchange servers

    Previous article

    3.2 billion leaked passwords contain 1.5 million records with government emails

    Next article

    You may also like

    More in Malware


    Leave a reply

    Your email address will not be published. Required fields are marked *