Threat Awareness – Emotet, Everybody’s Email Enemy (Re)Emerges and Could Lead to More Ransomware

Created: Tuesday, November 16, 2021 - 14:19
Categories: Cybersecurity, Security Preparedness

Few things are absolute, and the full eradication of a cyber threat isn’t one of them. Despite the globally coordinated law enforcement action in January and the follow-up mass uninstall effort in April to expunge this formidable foe, Emotet has awoken. Teaming up with its old pal, Emotet has been observed using TrickBot’s existing infrastructure to rebuild, with over 264 infected devices already acting as command and control servers at the time of this writing. No spamming activity has been observed yet as Emotet regenerates. However, analysis reveals that Emotet has evolved. The current version is reported to employ 7 commands (versus its previous 3-4) and is expected to lead to a surge in ransomware infections. Prior to the takedown, Emotet was adept at deploying multiple ransomware families, including Ryuk, Conti, ProLock, Egregor, and many more. To proactively defend against Emotet, members are encouraged to track and block its command and control servers. Associated IP addresses can be found on a list maintained by the malware tracking group Abuse.ch. For more, including defense tactics, read the coverage at BleepingComputer.