Emotet Takedown: Time to Celebrate?

At the end of January 2021, Emotet, “the world’s most dangerous malware,” was taken down by law enforcement following an extensive effort by a global coalition of agencies across Europe and the U.S. The effort succeeded in taking down Emotet’s command-and-control infrastructure and at least two of the cybercriminals behind the malware were arrested.

The news of Emotet’s takedown was met with cheers from within the security community, but there were also concerns that the celebrations were premature and that the malware would be back up and running before long.

So, what impact will Emotet’s takedown really have on organizations today, and are we likely to see the malware rear its unwanted head again any time soon?

A Drop in the Ocean

Emotet first emerged in 2014 as a banking Trojan. It was spread through phishing attacks, most often triggered when a user was persuaded to open and click on a Word document attached to an email. The malware has been disguised as an invoice, a shipping notice or, more recently, as information about COVID-19. Once a user opened one of these attachments, they would be prompted to “enable macros” so the malicious code hidden in the Word file could run and install Emotet on the victim’s computer. Once Emotet was inside a computer, it wormed its way deep into the system; once it was fully embedded, the unwitting host computer would be rented to other cybercriminals to form botnets or to be used to launch ransomware attacks. We saw this happen when the actors behind the Ryuk ransomware variant used Emotet as a gateway to take victims’ machines hostage until a ransom demand was paid.

It is rare that malware is as long-lived as Emotet, but because of its polymorphic nature it managed to evade detection for over six years. It often disappeared from the threat landscape, reappearing only to cause more destruction.

In the past, other major cybercrime operations have been dismantled, but resurfaced again only a short while later. Take Silk Road, a major online black market, taken down three times by law enforcement officials before it finally disappeared for good.

This explains the security community’s skepticism about Emotet’s demise. However, reports suggest that even if other criminals do try to bring Emotet back from the dead, they will have little success. Dutch Police apparently slipped a software update onto servers that cut off communications between infected computers and the botnet, halting its spread. Backups of the malware were also deleted, so any resurrection of the attack would supposedly be very difficult.

While this is positive news, it unfortunately doesn’t mean we can all relax. After all, Emotet was just one cybercrime operation out of many; just one of the methods behind the millions of attacks that businesses are facing today. Any attackers that were using Emotet to build botnets and infect machines will likely turn to another similar service to carry out their attacks.

Don’t Let Your Guard Down Yet

The Emotet takedown is, undoubtedly, a very positive move as it shows that law enforcement agencies are taking a firm stand against cybercriminals and that countries, agencies, governments and organizations are collaborating to take down the worst offenders. But with the increasing number and rising rate of attacks companies are facing today, it really is just a drop in the ocean.

Ransomware, for instance, is one of the biggest threats companies are facing today, and research has shown that, globally, companies are being attacked via this vector every 11 seconds. Organizations should focus not just on one particular threat, like Emotet, but on preventing their network from being penetrated and on building a culture of cybersecurity awareness, where employees are educated on attacks and are aware of how threats may enter the network. It is also important to ensure that all company systems and devices are up-to-date with security software and the latest patches, and that data is kept encrypted when it is in transit.

While the Emotet takedown was a positive for law enforcement, celebrations will be short-lived. Companies should instead learn from Emotet and educate employees on attacker techniques, while also building stronger and higher walls around their data.

Nikos Mantas

Nikos Mantas is an incident response expert at Obrela Security Industries. He has held his position at Obrela since October 2020 and prior to this Nikos held a role at Deloitte as an incident response consultant.
