{"id":6659,"date":"2021-11-19T12:05:47","date_gmt":"2021-11-19T10:05:47","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/just-like-groundhog-day-emotet-is-back-with-a-new-bag-of-tricks"},"modified":"2024-05-07T11:24:41","modified_gmt":"2024-05-07T09:24:41","slug":"just-like-groundhog-day-emotet-is-back-with-a-new-bag-of-tricks","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/just-like-groundhog-day-emotet-is-back-with-a-new-bag-of-tricks\/","title":{"rendered":"Just like Groundhog Day: Emotet is back with a new bag of tricks"},"content":{"rendered":"\n<p>In January, the German Federal Criminal Police Office (BKA) proudly&nbsp;<a href=\"https:\/\/www.bka.de\/DE\/Presse\/Listenseite_Pressemitteilungen\/2021\/Presse2021\/210127_pmEmotet.html\" target=\"_blank\" rel=\"noreferrer noopener\">announced<\/a>&nbsp;the demise of the supposedly \u201cmost dangerous malware in the world\u201d. In collaboration with law enforcement authorities in seven other countries, the BKA had succeeded in destroying the Emotet server infrastructure entirely, thereby rendering the Trojan harmless. It has now emerged, however, that this \u201csignificant blow dealt to international organized internet crime\u201d has unfortunately not had a lasting impact.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-only-the-good-die-young-emotet-is-making-a-triumphant-return\">Only the good die young: Emotet is making a triumphant return<\/h2>\n\n\n\n<p>To paraphrase Mark Twain, the reports of Emotet\u2019s demise were indeed greatly exaggerated, not to mention premature. Several cybersecurity experts&nbsp;<a href=\"https:\/\/www.heise.de\/news\/Totgesagte-leben-laenger-Emotet-ist-zurueck-6268241.html\" target=\"_blank\" rel=\"noreferrer noopener\">recently reported<\/a> that computers already infected with the TrickBot trojan have started downloading DLL files from the internet. Several sources have now identified that these files in fact contain the Emotet malware. Many indicators suggest that cyber criminals are making every effort to bring the Botnet back to life and restore it back to its former glory.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-convincingly-designed-spam-containing-manipulated-office-documents\">Convincingly designed spam containing manipulated office documents<\/h2>\n\n\n\n<p>The new Emotet bots are once again actively sending out malicious spam, security researchers at Cryptolaemus recently confirmed <a href=\"https:\/\/twitter.com\/Cryptolaemus1\/status\/1460403592658145283\" target=\"_blank\" rel=\"noreferrer noopener\">on Twitter<\/a>. These attacks generally involve doctored .docm, xlsm or password-protected ZIP files being sent to potential victims. In previous attacks, the emails were well-designed, effectively deceiving recipients by imitating colleagues or business partners and sometimes even containing sections of previous email threads the recipient actually participated in.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-comprehensive-cybersecurity-ensures-the-highest-levels-of-protection\">Comprehensive cybersecurity ensures the highest levels of protection<\/h2>\n\n\n\n<p>As with all malware, unfortunately no measures can provide a company with one hundred percent protection from Emotet over the medium-term future. A powerful email security service combined with a corresponding <a href=\"https:\/\/www.retarus.com\/retarus-anti-phishing-guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">sensitization of users<\/a> however, can prevent or minimize the impact of an infection in many cases. For its comprehensive CxO Fraud Detection, Retarus combines a vast array of algorithms in order to detect \u201cfrom spoofing\u201d and \u201cdomain spoofing\u201d and thwart <a href=\"https:\/\/en.wikipedia.org\/wiki\/Email_spoofing#Business_email\" target=\"_blank\" rel=\"noreferrer noopener\">Business Email Compromise (BEC)<\/a> at an early stage. In this way, messages faking the sender addresses of high-ranking managers or other familiar contacts \u2013 a mechanism Emotet relies on \u2013 can already be detected and filtered out prior to the messages being delivered.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-always-learning-emotet-has-constantly-been-evolving-since-2014\"><br>Always learning: Emotet has constantly been evolving since 2014<\/h2>\n\n\n\n<p>Emotet is the most \u201csuccessful\u201d Trojan in recent IT history and serves as a gateway for ransomware. In Germany alone, the malware is estimated to have brought about losses of at least 14.5 million euros. Emotet was first \u201cdiscovered\u201d in 2014 and has been changing and evolving continuously ever since. For the highest levels of protection against the flood of new and increasingly sophisticated variants, Retarus relies on its patented postdelivery protection service&nbsp;<a href=\"https:\/\/www.retarus.com\/services\/email-security\/tech-specs\/#patient-zero-detection\" target=\"_blank\" rel=\"noreferrer noopener\">Patient Zero Detection<\/a>. This innovative solution enables the detection of malware and harmful hyperlinks as soon as their patterns become available to virus scanners, even in messages that have been received at an earlier point in time.<\/p>\n\n\n\n<p>By the way: With its comprehensive, modular&nbsp;<a href=\"https:\/\/www.retarus.com\/secure-email-platform\/\" target=\"_blank\" rel=\"noreferrer noopener\">Secure Email Platform<\/a>, Retarus thoroughly covers all aspects of the key communication channel, including solutions for your company\u2019s contingency plans. With&nbsp;<a href=\"https:\/\/www.retarus.com\/services\/email-continuity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Email Continuity<\/a>, companies and their employees have an alternative way of accessing their business email communication at all times.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The destruction of the Emotet infrastructure has unfortunately only been temporary. Bots are once again sending deceptive, well-made emails appearing to be from colleagues.<\/p>\n","protected":false},"author":12,"featured_media":6660,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[102,3618,509],"dipi_cpt_category":[],"class_list":["post-6659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-email-security","tag-emotet","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.7 (Yoast SEO v24.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Just like Groundhog Day: Emotet is back with a new bag of tricks - Retarus Corporate Blog - EN<\/title>\n<meta name=\"description\" content=\"Die Zerschlagung der Emotet-Infrastruktur war leider nicht von Dauer. Bots senden wieder \u201egut gemachte\u201c E-Mails von scheinbaren Kollegen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Just like Groundhog Day: Emotet is back with a new bag of tricks\" \/>\n<meta property=\"og:description\" content=\"Bots senden wieder &quot;gut gemachte&quot; E-Mails von scheinbaren Kollegen\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-19T10:05:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T09:24:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"S\u00f6ren Schulte\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Und t\u00e4glich gr\u00fc\u00dft die Schadsoftware: Emotet ist zur\u00fcck und lernt dazu\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"S\u00f6ren Schulte\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/\",\"name\":\"Just like Groundhog Day: Emotet is back with a new bag of tricks - Retarus Corporate Blog - EN\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg\",\"datePublished\":\"2021-11-19T10:05:47+00:00\",\"dateModified\":\"2024-05-07T09:24:41+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d\"},\"description\":\"Die Zerschlagung der Emotet-Infrastruktur war leider nicht von Dauer. Bots senden wieder \u201egut gemachte\u201c E-Mails von scheinbaren Kollegen.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Just like Groundhog Day: Emotet is back with a new bag of tricks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d\",\"name\":\"S\u00f6ren Schulte\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/sschulte\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Just like Groundhog Day: Emotet is back with a new bag of tricks - Retarus Corporate Blog - EN","description":"Die Zerschlagung der Emotet-Infrastruktur war leider nicht von Dauer. Bots senden wieder \u201egut gemachte\u201c E-Mails von scheinbaren Kollegen.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/","og_locale":"en_US","og_type":"article","og_title":"Just like Groundhog Day: Emotet is back with a new bag of tricks","og_description":"Bots senden wieder \"gut gemachte\" E-Mails von scheinbaren Kollegen","og_url":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2021-11-19T10:05:47+00:00","article_modified_time":"2024-05-07T09:24:41+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg","type":"image\/jpeg"}],"author":"S\u00f6ren Schulte","twitter_card":"summary_large_image","twitter_title":"Und t\u00e4glich gr\u00fc\u00dft die Schadsoftware: Emotet ist zur\u00fcck und lernt dazu","twitter_misc":{"Written by":"S\u00f6ren Schulte","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/","url":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/","name":"Just like Groundhog Day: Emotet is back with a new bag of tricks - Retarus Corporate Blog - EN","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg","datePublished":"2021-11-19T10:05:47+00:00","dateModified":"2024-05-07T09:24:41+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d"},"description":"Die Zerschlagung der Emotet-Infrastruktur war leider nicht von Dauer. Bots senden wieder \u201egut gemachte\u201c E-Mails von scheinbaren Kollegen.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2021\/11\/shutterstock_2943090.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/und-taeglich-gruesst-die-schadsoftware-emotet-ist-zurueck-und-hat-dazugelernt\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Just like Groundhog Day: Emotet is back with a new bag of tricks"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/da5eb37e5936738ea4e12be8b429433d","name":"S\u00f6ren Schulte","url":"https:\/\/www.retarus.com\/blog\/en\/author\/sschulte\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/6659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=6659"}],"version-history":[{"count":15,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/6659\/revisions"}],"predecessor-version":[{"id":10459,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/6659\/revisions\/10459"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/6660"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=6659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=6659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=6659"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=6659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}