Just like Groundhog Day: Emotet is back with a new bag of tricks

Retarus blog, 19 November 2021
https://www.retarus.com/blog/en/just-like-groundhog-day-emotet-is-back-with-a-new-bag-of-tricks/

The destruction of the Emotet infrastructure has unfortunately only been temporary. Bots are once again sending deceptive, well-made emails appearing to be from colleagues.

In January, the German Federal Criminal Police Office (BKA) proudly announced the demise of the supposedly "most dangerous malware in the world". In collaboration with law enforcement authorities in seven other countries, the BKA had succeeded in destroying the Emotet server infrastructure entirely, thereby rendering the Trojan harmless. It has now emerged, however, that this "significant blow dealt to international organized internet crime" has unfortunately not had a lasting impact.

Only the good die young: Emotet is making a triumphant return

To paraphrase Mark Twain, the reports of Emotet's demise were greatly exaggerated, not to mention premature. Several cybersecurity experts recently reported that computers already infected with the TrickBot Trojan have started downloading DLL files from the internet, and several sources have since identified that these files in fact contain the Emotet malware. Many indicators suggest that cybercriminals are making every effort to bring the botnet back to life and restore it to its former glory.

Convincingly designed spam containing manipulated office documents

Security researchers at Cryptolaemus recently confirmed on Twitter that the new Emotet bots are once again actively sending out malicious spam. These attacks generally involve doctored .docm or .xlsm files, or password-protected ZIP archives, being sent to potential victims. In previous campaigns, the emails were well designed and deceived recipients effectively by imitating colleagues or business partners, sometimes even quoting sections of earlier email threads in which the recipient had actually participated.

Comprehensive cybersecurity ensures the highest levels of protection

As with all malware, unfortunately no measures can give a company one hundred percent protection from Emotet in the medium term. A powerful email security service combined with corresponding user awareness measures can, however, prevent or minimize the impact of an infection in many cases. For its comprehensive CxO Fraud Detection, Retarus combines a vast array of algorithms to detect "from spoofing" and "domain spoofing" and thwart Business Email Compromise (BEC) at an early stage. In this way, messages faking the sender addresses of high-ranking managers or other familiar contacts, a mechanism Emotet relies on, can be detected and filtered out before they are delivered.

Always learning: Emotet has constantly been evolving since 2014

Emotet is the most "successful" Trojan in recent IT history and serves as a gateway for ransomware. In Germany alone, the malware is estimated to have caused losses of at least 14.5 million euros. Emotet was first "discovered" in 2014 and has been changing and evolving continuously ever since. For the highest levels of protection against the flood of new and increasingly sophisticated variants, Retarus relies on its patented post-delivery protection service, Patient Zero Detection. This solution enables the detection of malware and harmful hyperlinks as soon as their patterns become available to virus scanners, even in messages that were received at an earlier point in time.

By the way: with its comprehensive, modular Secure Email Platform, Retarus covers all aspects of this key communication channel, including solutions for your company's contingency plans. With Email Continuity, companies and their employees have an alternative way of accessing their business email at all times.