The “Emotet” Trojan, which has been known about for some time, is once again causing widespread fear and consternation. The malware has already been responsible for a number of serious IT security incidents and caused significant damage. Emotet is viewed by many as one of the world’s most significant malware threats.
What makes Emotet so dangerous? Emotet is spread through massive spam campaigns. Using what is known as Outlook harvesting, Emotet sends seemingly authentic messages. On systems that are already infected, the malware scans all contact relationships and contact data as well as the related e-mail content. The malware then uses this data to send new spam messages. Since all of the details are correct – the names and e-mail addresses of the sender and recipient, the subject, the form of address and the signature – these e-mails look extremely authentic to most users. Recipients therefore often open the e-mails, which carry manipulated attachments (primarily Office documents with macros), or click on the embedded links.
If the file attachment in such a mail is opened or the link clicked, the malware is loaded onto the user’s own system. Emotet then downloads further malware. The consequences are far-reaching: Data can be stolen, entire IT systems brought down. This has already led to significant loss of production in companies.
However, Emotet is not only circulated via e-mails that are sent to the contacts of the infected user; the malware can even be spread to entire corporate networks via the SMB exploit EternalBlue.
As the malware is well camouflaged, anti-virus programs are often unable to detect it. This makes it all the more important for organizations to raise awareness among their staff so that attachments are not opened straight away or links clicked. A particularly beneficial setting is for macros not to be enabled automatically. From a technical point of view, companies should promptly install any updates or patches for their operating system (especially those updates which combat EternalBlue vulnerabilities) or application programs that are issued by software manufacturers. To keep data safe, it is advisable to carry out regular, multilevel backups and to implement network segmentation. If companies are already affected, professional advice should be sought as swiftly as possible.
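The macro setting recommended above can be audited and enforced with a short PowerShell script. The following is an added example and not code from the original article; it assumes Office 2016/2019/Microsoft 365 (registry version key "16.0") and writes the per-user Group Policy values `VBAWarnings` and `blockcontentexecutionfrominternet`, which Office honours even when no domain GPO is in place. The function and variable names are the example's own.

```powershell
# Added example, not code from the original article. It audits and applies the
# Office macro setting the text recommends: macros must not run automatically.
# Assumptions: Office 2016/2019/Microsoft 365 (registry version key "16.0");
# policy values are written to the per-user Group Policy hive under
# HKCU:\Software\Policies\..., which Office honours without a domain GPO.
# A domain GPO carrying the same settings is the preferred way to roll this out.

$OfficeVersion = '16.0'          # assumption: adjust for other Office versions
$Apps = @('Word', 'Excel', 'PowerPoint')

# VBAWarnings meaning (Microsoft "VBA Macro Notification Settings"):
#   1 = enable all macros (weak: macros run automatically)
#   2 = disable with notification (Office default: one click re-enables them)
#   3 = disable all except digitally signed macros
#   4 = disable all macros without notification
$VbaWarningsText = @{
    1 = 'Enable all (WEAK)'
    2 = 'Disable with notification (default, WEAK)'
    3 = 'Disable except signed'
    4 = 'Disable all without notification'
}

function Get-MacroPolicyPath([string]$App) {
    "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
}

# Report the current macro policy for each application, flagging weak states.
function Get-MacroPolicy {
    foreach ($app in $Apps) {
        $path  = Get-MacroPolicyPath $app
        $warn  = (Get-ItemProperty -Path $path -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $block = (Get-ItemProperty -Path $path -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        [pscustomobject]@{
            Application         = $app
            VBAWarnings         = if ($null -eq $warn) { 'not set (application default = 2, WEAK)' }
                                  else { "$warn = $($VbaWarningsText[[int]$warn])" }
            BlockInternetMacros = if ($block -eq 1) { 'yes' } else { 'no (WEAK)' }
            Hardened            = ($warn -in 3, 4) -and ($block -eq 1)
        }
    }
}

# Apply the hardened policy: block macros in files that came from the internet
# (Mark-of-the-Web, which covers mail attachments) and disable all other macros
# without a prompt. -AllowSigned keeps digitally signed macros (VBAWarnings = 3)
# where a business process depends on them.
function Set-MacroPolicy([switch]$AllowSigned) {
    $level = if ($AllowSigned) { 3 } else { 4 }
    foreach ($app in $Apps) {
        $path = Get-MacroPolicyPath $app
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name VBAWarnings -PropertyType DWord -Value $level -Force | Out-Null
        New-ItemProperty -Path $path -Name blockcontentexecutionfrominternet -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

Write-Host 'Before:'; Get-MacroPolicy | Format-Table -AutoSize
Set-MacroPolicy
Write-Host 'After:';  Get-MacroPolicy | Format-Table -AutoSize
```

Running the script changes the current user's Office policy immediately; run `Get-MacroPolicy` on its own first if you only want the audit. Of the two values, `blockcontentexecutionfrominternet` is the one that most directly counters the delivery path described above, because mail attachments and downloads carry the Mark-of-the-Web; `VBAWarnings` 4 (or 3) then removes the one-click "Enable Content" route for everything else.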