In January, the German Federal Criminal Police Office (BKA) proudly announced the demise of the supposedly “most dangerous malware in the world”. In collaboration with law enforcement authorities in seven other countries, the BKA had succeeded in destroying the Emotet server infrastructure entirely, thereby rendering the Trojan harmless. It has now emerged, however, that this “significant blow dealt to international organized internet crime” has unfortunately not had a lasting impact.
Only the good die young: Emotet is making a triumphant return
To paraphrase Mark Twain, the reports of Emotet’s demise were indeed greatly exaggerated, not to mention premature. Several cybersecurity experts recently reported that computers already infected with the TrickBot trojan have started downloading DLL files from the internet. Several sources have now identified that these files in fact contain the Emotet malware. Many indicators suggest that cyber criminals are making every effort to bring the Botnet back to life and restore it back to its former glory.
Convincingly designed spam containing manipulated office documents
The new Emotet bots are once again actively sending out malicious spam, security researchers at Cryptolaemus recently confirmed on Twitter. These attacks generally involve doctored .docm, xlsm or password-protected ZIP files being sent to potential victims. In previous attacks, the emails were well-designed, effectively deceiving recipients by imitating colleagues or business partners and sometimes even containing sections of previous email threads the recipient actually participated in.
Comprehensive cybersecurity ensures the highest levels of protection
As with all malware, unfortunately no measures can provide a company with one hundred percent protection from Emotet over the medium-term future. A powerful email security service combined with a corresponding sensitization of users however, can prevent or minimize the impact of an infection in many cases. For its comprehensive CxO Fraud Detection, Retarus combines a vast array of algorithms in order to detect “from spoofing” and “domain spoofing” and thwart Business Email Compromise (BEC) at an early stage. In this way, messages faking the sender addresses of high-ranking managers or other familiar contacts – a mechanism Emotet relies on – can already be detected and filtered out prior to the messages being delivered.
Always learning: Emotet has constantly been evolving since 2014
Emotet is the most “successful” Trojan in recent IT history and serves as a gateway for ransomware. In Germany alone, the malware is estimated to have brought about losses of at least 14.5 million euros. Emotet was first “discovered” in 2014 and has been changing and evolving continuously ever since. For the highest levels of protection against the flood of new and increasingly sophisticated variants, Retarus relies on its patented postdelivery protection service Patient Zero Detection. This innovative solution enables the detection of malware and harmful hyperlinks as soon as their patterns become available to virus scanners, even in messages that have been received at an earlier point in time.
By the way: With its comprehensive, modular Secure Email Platform, Retarus thoroughly covers all aspects of the key communication channel, including solutions for your company’s contingency plans. With Email Continuity, companies and their employees have an alternative way of accessing their business email communication at all times.