The news of Emotet's return is one that nobody in the cyber-security industry is likely to enjoy. Before going dark in February, Emotet was, by far, the largest, most active, and most sophisticated cybercrime operation.
The Emotet gang operates an email spam infrastructure that it uses to infect end-users with the Emotet trojan. It then uses this initial foothold to deploy other malware, either in its own interest (for example, deploying a banking trojan module) or on behalf of other cybercrime groups that rent access to the infected hosts (ransomware gangs, other malware operators such as Trickbot, and so on).
Due to its close ties to ransomware gangs, in some countries such as Germany or the Netherlands, Emotet is treated with the same level of urgency as a ransomware attack. Companies and organizations that find an Emotet-infected host are told to isolate the infected system and take their entire network offline as they investigate, a measure necessary to prevent the delivery of a ransomware payload in the meantime.