The Emotet malware has been out of action since the beginning of the year, and the dangerous Trojan has now finally been deleted from the computers of those affected. But that is not the end of it.
In the last few days of January, an international team of investigators took down the infrastructure behind the Emotet malware and made the encryption Trojan unusable. The Federal Criminal Police Office (BKA) initially moved the malware on infected PCs to a quarantine folder to secure evidence. Internet providers have actively informed those affected.
The malware has been deleting itself from the computers of those affected since April 25, because the BKA programmed it to do so, reports the specialist portal “Heise online”. The legality of the BKA's remote access is controversial. Those affected must also expect that the danger on their computer has not yet been averted.
Even more uninvited guests
“You have to assume that in addition to the infection with Emotet there is also further malware on at least one computer system in your local network,” warns the BKA. It also gives specific examples of malware that Emotet may have brought along, such as the banking Trojans Trickbot and Qakbot and the encrypting extortion Trojan Ryuk.
You can try to remove the malware with virus scanners, or restore the system to an intact state using restore points from before the infection. However, neither approach gives you certainty that the computer has been completely cleaned up and all dangers have been averted.
BSI recommends reinstallation and password change
You can only be absolutely sure that nothing is left of the malware or its remnants on the system after reinstalling Windows. The Federal Office for Information Security (BSI) recommends this step. You should back up all important files and documents beforehand, or use a data backup from before the infection.
The malware may not only have manipulated online banking but also spied on passwords. Therefore, according to the BSI, the following also applies: Change all passwords stored on the infected computer, including access data in the browser and, in particular, the password for the e-mail inbox.
Check to see if you have been hacked yourself
Even users who did not have Emotet & Co as uninvited guests on their computers can do something for their security, because it is possible that your own e-mail address appears, as loot of the Trojan, in the data records seized from the cybercriminals.
This can now be checked in the leak database “Have I Been Pwned?”. Its operator, IT security researcher Troy Hunt, says he has received more than four million e-mail addresses from the police authorities involved in the Emotet investigation and updated the database with them. If your own address is included, you should change your mailbox password and, ideally, all the passwords for online services associated with that e-mail address.