In January, an international group of law-enforcement agencies took down Emotet, the world’s top malware. Authorities took over its command-and-control servers and installed a kill switch that will automatically uninstall the malware on April 25.
This is good news. Emotet infections can cost up to $1 million per incident to remediate, according to the US Cybersecurity and Infrastructure Security Agency. But it doesn’t mean data center security managers can sit back, relax, and let the kill switch do its work.
Once it embeds itself in a system, Emotet becomes a vector for additional infections. It opens doors on an enterprise network for other malware to walk through. It’s also a worm, so it will try to spread as far and wide as it can.
Now, while the command-and-control servers are down, is the perfect time for security teams to conduct full forensics sweeps: identify any instances of the malware in their systems, trace and shut down the pathway it used to get in, and track what else it installed and where else it managed to spread.
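To make the sweep described above concrete, here is an added example, not code from the article or from any vendor tool, of how a security team might correlate endpoint telemetry during such a review. It assumes two kinds of exported observations, process executions with file hashes and host-to-host network connections, confirms a host as infected when a known-bad hash ran on it, and then reconstructs the likely order in which the worm spread between hosts. All host names, timestamps and hash values are constructed placeholders, the indicator list is hypothetical, and treating SMB (port 445) as the lateral-movement channel is an assumption made for the example.

```python
"""Constructed post-takedown triage example: confirm infected hosts from
process telemetry and trace how the infection spread between them.
Every host, hash and timestamp below is made up for illustration."""
from dataclasses import dataclass

# Hypothetical indicator list (placeholders, not real sample hashes).
KNOWN_BAD_HASHES = {"PLACEHOLDER_SHA256_A", "PLACEHOLDER_SHA256_B"}

# Assumption for this example: SMB is the lateral-movement channel to watch.
LATERAL_PORTS = {445}


@dataclass(frozen=True)
class ProcessEvent:
    ts: int        # seconds since some epoch, constructed
    host: str
    sha256: str
    image: str


@dataclass(frozen=True)
class NetEvent:
    ts: int
    src_host: str
    dst_host: str
    dst_port: int


# Constructed telemetry: one patient zero, two hops of spread, one host that
# was contacted but never ran the payload, and some benign noise.
PROCESS_EVENTS = [
    ProcessEvent(100, "ws-01", "PLACEHOLDER_SHA256_A", "loader.exe"),
    ProcessEvent(160, "ws-02", "PLACEHOLDER_SHA256_A", "loader.exe"),
    ProcessEvent(210, "srv-01", "PLACEHOLDER_SHA256_B", "svc.exe"),
    ProcessEvent(120, "ws-03", "BENIGN_HASH", "notepad.exe"),
]
NET_EVENTS = [
    NetEvent(150, "ws-01", "ws-02", 445),
    NetEvent(200, "ws-02", "srv-01", 445),
    NetEvent(220, "ws-01", "ws-03", 445),   # contacted, not confirmed
    NetEvent(50, "ws-03", "ws-04", 445),    # before any infection
    NetEvent(300, "ws-02", "ws-01", 445),   # reverse direction, too late
    NetEvent(90, "ws-05", "ws-01", 80),     # not a lateral port
]


def confirmed_hosts(process_events, bad_hashes):
    """Map each host that ran a known-bad hash to its earliest sighting."""
    first_seen = {}
    for ev in process_events:
        if ev.sha256 in bad_hashes:
            first_seen[ev.host] = min(first_seen.get(ev.host, ev.ts), ev.ts)
    return first_seen


def trace_spread(first_seen, net_events, lateral_ports):
    """Infer parent links: A is B's likely source if A was already confirmed
    when it reached B on a lateral port and B was confirmed afterwards."""
    parents = {}
    for ev in sorted(net_events, key=lambda e: e.ts):
        if ev.dst_port not in lateral_ports:
            continue
        src_t, dst_t = first_seen.get(ev.src_host), first_seen.get(ev.dst_host)
        if src_t is None or dst_t is None:
            continue
        if src_t <= ev.ts <= dst_t and ev.dst_host not in parents:
            parents[ev.dst_host] = ev.src_host
    return parents


def patient_zero(first_seen, parents):
    """Earliest confirmed host that has no inferred parent."""
    roots = [h for h in first_seen if h not in parents]
    return min(roots, key=first_seen.get) if roots else None


def infection_path(host, parents):
    """Walk parent links back to the root, returning the chain root -> host."""
    path = [host]
    while path[-1] in parents:
        path.append(parents[path[-1]])
    return path[::-1]


def suspect_hosts(first_seen, net_events, lateral_ports):
    """Hosts reached on a lateral port by an already-confirmed host but with
    no bad-hash sighting of their own: candidates for deeper forensics."""
    suspects = {}
    for ev in sorted(net_events, key=lambda e: e.ts):
        src_t = first_seen.get(ev.src_host)
        if (ev.dst_port in lateral_ports and src_t is not None
                and ev.ts >= src_t and ev.dst_host not in first_seen):
            suspects.setdefault(ev.dst_host, ev.src_host)
    return suspects


if __name__ == "__main__":
    seen = confirmed_hosts(PROCESS_EVENTS, KNOWN_BAD_HASHES)
    tree = trace_spread(seen, NET_EVENTS, LATERAL_PORTS)
    print("patient zero:", patient_zero(seen, tree))
    for h in seen:
        print(" -> ".join(infection_path(h, tree)))
    print("needs manual review:", suspect_hosts(seen, NET_EVENTS, LATERAL_PORTS))
```

The ordering check in `trace_spread` is what keeps the tree honest: a connection only counts as the spread path if the source was confirmed before it and the destination after it, so reverse-direction traffic and connections made before any infection are discarded rather than mistaken for propagation. Hosts that surface in `suspect_hosts` are the ones worth imaging first, since the absence of a matching hash may only mean the payload ran from memory or the telemetry is incomplete.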