What is Emotet? How can I protect myself against it?
Security to protect against the World’s most dangerous malware, Emotet
+++ ATTENTION: EMOTET ACTIVE AGAIN +++
Don’t take any risks: Protect yourself from Emotet now with
Hornetsecurity’s Advanced Threat Protection.
The experts at Hornetsecurity Security Lab have observed the return of Emotet after a longer break.
The name Emotet repeatedly appears in the news in connection with extremely serious attacks on companies, public administrations, hospitals and universities. What makes Emotet so threatening? How can you protect yourself against it? Hornetsecurity gives its expert explanation below.
What is Emotet?
What is Emotet? Is Emotet a computer virus? No. Emotet first appeared as a banking Trojan in 2014. The attack was aimed at intercepting the online banking credentials of German and Austrian bank customers. Since then, Emotet has evolved into a loader that can download and execute a variety of other modules with further malicious functions. Emotet strikes primarily via spam emails and affects private users as well as companies, hospitals, government institutions and critical infrastructure.
It adapts and automates the methods of highly professional Advanced Persistent Threat attacks. The criminals behind it proceed very purposefully and with great effort in order to remain active in the infected system for as long as possible. As a result, Emotet is not easy to identify and intercept.
One aspect makes Emotet particularly dangerous: since the end of 2018, the malware has been able to read contact relationships and email content from the mailboxes of infected systems (so-called Outlook harvesting) and to use them as the basis for further attacks. The spread is therefore extremely rapid. Other recipients receive authentic-looking emails, often as replies in existing conversations, from people they were recently in contact with, and the malicious attachments or URLs in those messages are opened without suspicion. In addition to this spam module, Emotet can also load a worm module that lets it spread independently within the company network, reaching other computers without any user having to click on or activate an attachment. In this context, Emotet also carries out brute-force attacks against passwords. The consequences can be serious: once a computer is infected, Emotet downloads additional malware from its C&C servers, depending on the target. There is a risk of data theft, loss of control over systems, failure of the entire IT infrastructure and disruption of critical business processes. In extreme cases, an entire company's network must be rebuilt after an infection, and the damage often amounts to millions.
Master of disguise: Why is Emotet so difficult to fight?
Emotet Trojans are not easy to identify and intercept because they deceive traditional antivirus products: as polymorphic malware, the code changes slightly with each new download, so signature-based virus scanners fail to recognize it. In addition, the malware detects when it is running in a virtual machine. As soon as it registers a sandbox environment, the program falls into a kind of standby mode and performs no malicious actions while it is being observed.
Emotet, TrickBot and the ransomware Ryuk
How to protect yourself from Emotet?
To effectively protect yourself from Emotet, you need to focus on the main entrance point of the malware: email communication. Hornetsecurity Advanced Threat Protection easily detects Emotet and Ryuk in emails and quarantines both malware programs. The first instance of analysis identifies the Emotet Trojan. The subsequent Trojans Ryuk and TrickBot can be unmasked using the dynamic behavior analysis in the ATP sandbox. Emails containing the perfidious malware are not delivered to the recipients.
In addition, basic security hygiene must be observed:
- Since Emotet usually hides in Microsoft Office files and needs macros to install its malware, it makes sense not to allow them at all. Macros are not needed by private users or in most business areas. If you cannot do without them, it is possible to allow only digitally signed macros.
- Security updates for operating systems, antivirus programs, web browsers, email clients and office programs must be installed as soon as they are released.
- Regular data backups are recommended.
- Vigilance is paramount: even with supposedly known senders, be careful with email attachments, especially Office documents, and with links contained in them. In case of doubt, contact the sender of a suspicious email directly and verify the credibility of its content.
- Access to the company's own network should be continuously monitored, so that an Emotet infection can be detected in a timely manner.
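The "only signed macros" recommendation above can be enforced centrally rather than left to each user. The following PowerShell script is an added example and is not Hornetsecurity's code; it assumes Office 2016/2019/365 (version key 16.0) and a per-user policy scope (HKCU), and uses the documented Office policy values `VBAWarnings` and `blockcontentexecutionfrominternet`.

```powershell
# Added example (not Hornetsecurity's code): enforce "disable all macros except digitally signed"
# for Word, Excel and PowerPoint through the Office Group Policy registry path.
# Assumption: Office 2016/2019/365 (version key 16.0) and the per-user policy hive (HKCU).
# VBAWarnings values: 1 = enable all, 2 = disable with notification,
#                     3 = disable all except digitally signed, 4 = disable all without notification.

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

function Set-SignedMacrosOnly {
    param(
        [Parameter(Mandatory)][string]$App,
        [switch]$BlockAllMacros   # use 4 (block everything) instead of 3 (signed only)
    )
    $path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }

    $level = if ($BlockAllMacros) { 4 } else { 3 }
    New-ItemProperty -Path $path -Name 'VBAWarnings' -PropertyType DWord -Value $level -Force | Out-Null

    # Also block macros in files carrying the Mark-of-the-Web (downloaded or received as an
    # email attachment), which is exactly how Emotet's malicious documents arrive.
    New-ItemProperty -Path $path -Name 'blockcontentexecutionfrominternet' -PropertyType DWord -Value 1 -Force | Out-Null
}

function Get-MacroPolicy {
    # Audit helper: report the effective policy values so the setting can be verified after rollout.
    param([Parameter(Mandatory)][string]$App)
    $path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App          = $App
        VBAWarnings  = if ($null -ne $props) { $props.VBAWarnings } else { 'not set (user default: notify)' }
        BlockFromWeb = if ($null -ne $props) { $props.blockcontentexecutionfrominternet } else { 'not set' }
    }
}

foreach ($app in $Apps) { Set-SignedMacrosOnly -App $app }
$Apps | ForEach-Object { Get-MacroPolicy -App $_ } | Format-Table -AutoSize
```

For a domain-wide rollout the same values belong in a Group Policy Object (User Configuration, Office trust center settings) rather than a per-machine script.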
Substantial loss of revenue
Ransomware is one of the most popular methods for cyber criminals to make large profits, and it causes immense (financial) damage to its victims. If the extortion software gets into a company's systems, all sensitive and confidential files are encrypted and only released again against a ransom paid in Bitcoin. Whether the files are actually released after payment is never certain.
The preferred targets of the attackers are primarily large companies and government institutions as well as critical infrastructure. In the worst case, an attack can lead to insolvency; considerable losses in revenue are among the more common consequences.
More about Emotet
Summarized Information Report
The Infopaper summarizes the recommendations of the Hornetsecurity experts. Download now and find out what Emotet is, what exactly makes the malware Emotet so dangerous, and how users can protect themselves.