In January of 2020, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned of the resurgence of Emotet attacks.
The DHS described Emotet as the “most destructive” form of malware due to its ability to inject other potentially harmful malware into almost any organization, especially in the banking and financial industries.
Emotet’s most serious threat is the fact that it acts as a carrier for different types of malware, including ransomware. It is no surprise that DHS CISA still considers Emotet the most damaging Trojan in the banking sector.
How Does Emotet Work?
Emotet made its first appearance in 2014 as a banking trojan. It was primarily used by hackers to infect computers and steal sensitive data. Emotet spreads mainly through spam and phishing emails that contain malicious URLs and infected attachments.
The emails are cleverly disguised as invoice attachments or payment remittance notices complete with a financial theme and company logo.
Notable victims of Emotet in the recent past include the city of Allentown, Pennsylvania in 2018, the Heise Online publishing firm in Germany, the highest Berlin state court in Germany, the Humboldt University of Berlin in 2019, and the Department of Justice of the Province of Quebec, Canada in 2020.
Emotet has evolved over the last few years to become one of the most serious cybersecurity threats today. The latest versions of the malware use macro-enabled documents or PowerShell macros to steal data, sending it to Command and Control (C&C) servers operated by hackers.
The C&C servers can also push updates to the infection on your computer, install additional malware, or dump stolen data on your system.
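Because the delivery vector described above is a macro-enabled Office document attached to a phishing email, a practical defender-side check is to inspect attachments for the markers of embedded macros before they reach a user. The following is an added example, not code from the original article: modern Office files (.docx/.docm/.xlsx/.xlsm) are ZIP containers, a macro-enabled document declares a `macroEnabled` content type in `[Content_Types].xml` and carries its VBA code in a `vbaProject.bin` part, and the script flags either marker. The two attachments it inspects are constructed in memory for demonstration and are not real samples.

```python
"""Flag macro-enabled Office attachments (added example, not from the article).

Office Open XML files are ZIP containers. A macro-enabled document declares a
macroEnabled content type in [Content_Types].xml and stores its VBA code in a
vbaProject.bin part. Checking for either marker catches the common
"macro-enabled invoice" lure regardless of the file extension the sender chose.
"""
import io
import zipfile

# Standard content types Office assigns to macro-enabled document bodies.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)


def inspect_office_attachment(data: bytes) -> dict:
    """Return findings for an attachment given as raw bytes.

    Keys: is_zip, has_vba_project, macro_content_type (or None), suspicious.
    """
    result = {"is_zip": False, "has_vba_project": False,
              "macro_content_type": None, "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # Not an OOXML container (e.g. a legacy binary .doc); handled elsewhere.
        return result
    result["is_zip"] = True
    names = zf.namelist()
    # The VBA project part is the strongest single indicator of embedded macros.
    result["has_vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    if "[Content_Types].xml" in names:
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", errors="replace")
        for ct in MACRO_CONTENT_TYPES:
            if ct in ctypes:
                result["macro_content_type"] = ct
                break
    result["suspicious"] = (result["has_vba_project"]
                            or result["macro_content_type"] is not None)
    return result


def build_sample(macro_enabled: bool) -> bytes:
    """Construct a minimal OOXML-like container (constructed sample, not a real file)."""
    main_ct = (MACRO_CONTENT_TYPES[0] if macro_enabled
               else "application/vnd.openxmlformats-officedocument"
                    ".wordprocessingml.document.main+xml")
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        + ('<Override PartName="/word/vbaProject.bin" '
           'ContentType="application/vnd.ms-office.vbaProject"/>' if macro_enabled else '')
        + '</Types>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro_enabled:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("invoice.docx", build_sample(False)),
                          ("invoice.docm", build_sample(True))):
        findings = inspect_office_attachment(sample)
        verdict = "QUARANTINE" if findings["suspicious"] else "allow"
        print(f"{label}: {verdict} {findings}")
```

The check keys on the container's own declarations rather than the filename, since an attacker controls the extension but not how Office must describe a document that actually carries macros. A mail gateway would typically quarantine anything flagged `suspicious` and send non-ZIP attachments (legacy binary Office formats) to a separate parser.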
Emotet and Ransomware
The hackers who operate Emotet use the malware to deploy other viruses including ransomware. In fact, the Emotet gang now runs a Malware-as-a-Service (MaaS) service that rents access to Emotet-infected computer systems to other malware groups.
The service makes it possible to infect end users with malware including the TrickBot Trojan or even the more serious Ryuk Ransomware.
Ryuk and Conti are among the most feared crypto-ransomware variants. They use an advanced form of encryption to block access to all the files on a system or Internet-enabled device until a ransom is paid in Bitcoin.
A Ryuk/Conti Ransomware attack normally starts with either a TrickBot or Emotet infection. The malware basically provides an easy path to deploy the more serious ransomware.
How Do I Protect Myself From Emotet Ransomware?
We have a detailed blog post on how to stay safe from ransomware, but some malware types require extra caution given how aggressively destructive they are. Here are some tips to stay safe:
Educate staff on ransomware
Ensure that your staff is adequately trained on email and phishing infiltration, use the best possible antivirus solution throughout your enterprise network, and remember to always apply software security updates and patches as soon as they are released.
Create strong passwords
Create passwords that are difficult to crack. There is a reason why services like Google, Apple, Outlook and others require you to sign up with a strong password containing lower-case characters, capital letters, numbers and special characters. This makes it much harder for hackers to crack by brute force than a simple password.
Use a VPN to protect against ransomware
Using a VPN does not eliminate the possibility of getting hacked. Rather, it provides an extra layer of security by masking your IP address and giving you a virtual location and a private network, making it impossible to trace your online activities. For hackers, the extra time and effort needed to break into your system is simply not worth it.
How can I remove Emotet Virus from my system?
The Emotet virus spreads at an alarming rate, starting from one computer and moving laterally. The moment you notice something out of the ordinary, shut down your computer and isolate it from the network. Connecting a clean system to a compromised network risks spreading the virus. Formatting hard disks and patching the entire network is a time-intensive process and needs to be done one system at a time.
Conclusion
Emotet has been around since 2014 and is continually evolving in tandem with fast-paced changes in technology. It has become a favorite tool for cybercriminals and attackers, thanks to its modular nature and its ability to inject different types of malware and ransomware into an infected system.
The malware can also deliver dangerous payloads such as the Ryuk or Conti Ransomware on an Emotet-infected machine or system.