You may have heard about Emotet in the news. What is it? An Ancient Egyptian king? Your teenage daughter’s favorite emo band? …We’re afraid not. The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as banking malware that sneaks onto your computer and steals sensitive, private information. Later versions added spamming and malware delivery services, including delivery of other banking Trojans.
Emotet includes techniques that help it evade detection by some anti-malware products, and worm-like capabilities that let it spread to other computers on the same network, which greatly widens its distribution. That combination has led the Department of Homeland Security to conclude that Emotet is among the most costly and destructive malware affecting government and private sectors, individuals and organizations, with cleanup costs reported at up to $1 million per incident.
Who does Emotet target? Everyone is a target for Emotet. To date, Emotet has hit individuals, companies, and government entities across the United States and Europe, stealing banking logins, financial data, and even Bitcoin wallets.
What exactly is it? Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive as a malicious script, a macro-enabled Office document, or a malicious link. Emotet emails may carry familiar branding designed to make them look like legitimate email, and they try to persuade users to open the malicious file by using tempting subjects such as “Your Invoice,” “Payment Details,” or an upcoming shipment from a well-known parcel company.
Emotet uses a number of tricks to prevent detection and analysis. It is polymorphic, meaning it changes itself every time it is downloaded to evade signature-based detection. It also contacts command-and-control (C&C) servers to receive updates; much like the operating system updates on your PC, this happens silently and without any outward signs. Through that channel the attackers can install updated versions of the software, push additional malware, and use the servers as a drop point for stolen information such as financial credentials, usernames and passwords, and email addresses.
How does Emotet spread? The primary distribution method for Emotet is malspam. Emotet ransacks your contacts list and sends itself to your friends, family, coworkers and clients. Because these emails come from your hijacked email account, they look less like spam, and the recipients, feeling safe, are more inclined to click bad URLs and download infected files. On a network, Emotet also spreads by brute force, working through a list of common passwords until it guesses its way onto other connected systems. If the password to the all-important human resources server is simply “password,” it’s likely Emotet will find its way there.
Another way Emotet spreads is with the EternalBlue exploit and DoublePulsar backdoor, which target a vulnerability in the Windows SMBv1 file-sharing protocol (fixed by Microsoft in the MS17-010 update) and were used in the WannaCry and NotPetya attacks. These exploits allow malware to be installed on a vulnerable machine without any human interaction. This ability to self-replicate, the hallmark of the type of malware we call a worm, causes endless headaches for network administrators across the globe as Emotet spreads itself from system to system.
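The lure traits described above (invoice, payment and shipping subjects, macro-enabled Office documents or script attachments, and link-only messages that arrive from a contact’s hijacked account) can be turned into a simple triage filter over mail-gateway records. The script below is an added example, not code from the original post or from any vendor; the record fields (Sender, Subject, Attachment, HasLink), the keyword list and the sample messages are assumptions constructed for illustration, so map the fields to whatever your gateway actually exports.

```powershell
# Added example (not from the original post): triage filter for mail-gateway records
# that flags the Emotet malspam traits described above. Field names and sample data
# are constructed for illustration.

# Lure subjects the post describes ("Your Invoice", "Payment Details", parcel shipments).
$LureSubjects = '(?i)\b(invoice|payment|remittance|shipment|delivery|parcel|tracking)\b'
# Macro-capable Office formats (legacy .doc/.xls can also carry VBA) and script droppers.
$RiskyAttachment = '(?i)\.(docm|xlsm|pptm|dotm|doc|xls|js|vbs|wsf)$'

function Test-EmotetLure {
    param(
        [Parameter(Mandatory)] [pscustomobject] $Message
    )
    $reasons = @()
    if ($Message.Subject -match $LureSubjects)         { $reasons += 'lure-subject' }
    if ($Message.Attachment -match $RiskyAttachment)   { $reasons += 'macro-or-script-attachment' }
    if ($Message.HasLink -and -not $Message.Attachment) { $reasons += 'link-only-lure' }

    # A macro/script attachment is enough on its own; otherwise require two traits,
    # so an ordinary "invoice" mail with a PDF is not flagged.
    [pscustomobject]@{
        Sender     = $Message.Sender
        Subject    = $Message.Subject
        Suspicious = ($reasons -contains 'macro-or-script-attachment') -or ($reasons.Count -ge 2)
        Reasons    = ($reasons -join ',')
    }
}

# Constructed sample records (not real mail). Note that a known sender is NOT used to
# lower the score: Emotet mails come from hijacked accounts of people you know.
$Sample = @(
    [pscustomobject]@{ Sender='accounts@example.com';  Subject='Your Invoice 4471';   Attachment='Invoice_4471.doc'; HasLink=$false }
    [pscustomobject]@{ Sender='colleague@example.com'; Subject='Re: Payment Details'; Attachment='';                 HasLink=$true  }
    [pscustomobject]@{ Sender='hr@example.com';        Subject='Holiday schedule';    Attachment='schedule.pdf';     HasLink=$false }
)

$Sample | ForEach-Object { Test-EmotetLure -Message $_ } | Format-Table -AutoSize
```

The first two sample messages come out Suspicious (lure subject plus a .doc attachment; lure subject plus a link with no attachment), the third does not. Treat this as a starting point for quarantine or review rules, not as a replacement for attachment sandboxing: the filter only sees metadata, and a polymorphic dropper will not be caught by its file name.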
How can I protect myself from Emotet? You’re already taking the first step towards protecting yourself and your users from Emotet by learning how Emotet works. Here are a few additional steps you can take: 1. Keep your computers/endpoints up-to-date with the latest patches for Microsoft Windows. Emotet may rely on the SMBv1 vulnerability exploited by EternalBlue (fixed in MS17-010) to do its dirty work, so don’t leave that back door open into your network; if you don’t need SMBv1, disable it as well. ASK ABOUT OUR MANAGED SERVICE PLANS AND THIS WILL BE PART OF WHAT WE PROACTIVELY HANDLE FOR YOU MONTHLY.
2. Don’t download suspicious attachments or click a shady-looking link. Emotet can’t get that initial foothold on your system or network if you avoid those suspect emails. Configure Office to block macros in documents that came from the Internet, and take the time to educate your employees on how to spot malspam.
3. Educate yourself and your users on creating strong passwords; Emotet’s network spreading depends on guessing weak ones. While you’re at it, start using two-factor authentication. ASK US FOR A COPY OF OUR TIPS FOR CREATING A STRONG PASSWORD AND SHARE IT WITH YOUR TEAM, AND IF YOU WANT TO START USING 2FA GIVE US A CALL.
4. Although there is nothing that can guarantee you will never have to deal with malware like Emotet, there are ways you can protect yourself and your users from Emotet with a robust cybersecurity program that includes multi-layered protection. To find out what you can do to beef up your defenses, contact us for more information.
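Steps 1 and 2 above can be checked on a Windows endpoint in one pass: whether the MS17-010 fix that closes EternalBlue is present, whether SMBv1 is still enabled, and whether Office is set to block macros in files from the Internet. The script below is an added example and is not code from the original post or from Microsoft; the KB numbers are the March 2017 MS17-010 updates for Windows 7 through Windows 10 1607, and the registry path is the Group Policy location for Office 2016 and later, so adjust both for other versions. Run it in an elevated PowerShell.

```powershell
# Added example (not from the original post): read-only check of the three controls
# recommended above on a Windows endpoint. KB list and registry paths are the published
# values for Windows 7-10 / Office 2016+ and are assumptions for other versions.

function Get-EmotetHardeningStatus {
    # 1. MS17-010. These are the original March 2017 KBs; a later cumulative update
    #    supersedes them, so their absence alone does not prove the host is unpatched.
    $Ms17010Kbs = 'KB4012212','KB4012213','KB4012214','KB4012215','KB4012216',
                  'KB4012217','KB4012606','KB4013198','KB4013429'
    $hotfixes   = (Get-HotFix -ErrorAction SilentlyContinue).HotFixID
    $hasMs17010 = [bool]($Ms17010Kbs | Where-Object { $hotfixes -contains $_ })

    # 2. SMBv1. EternalBlue only works against SMBv1, so disabling it removes the attack
    #    surface even on a host whose patch state is uncertain.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $smb1Enabled = if ($null -ne $smb) { [bool]$smb.EnableSMB1Protocol } else { $null }

    # 3. Office macro policy for Word and Excel (the Emotet lure formats).
    #    blockcontentexecutionfrominternet = 1 is the "Block macros from running in
    #    Office files from the Internet" Group Policy setting.
    $macroPolicy = foreach ($app in 'Word','Excel') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
        $v = (Get-ItemProperty -Path $key -Name blockcontentexecutionfrominternet `
                -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        [pscustomobject]@{ App = $app; InternetMacrosBlocked = ($v -eq 1) }
    }

    [pscustomobject]@{
        Ms17010HotfixPresent = $hasMs17010
        Smb1Enabled          = $smb1Enabled   # $null means the SMB cmdlets are unavailable
        OfficeMacroPolicy    = $macroPolicy
    }
}

# Remediation for a host that reports Smb1Enabled = True (left commented so the
# check itself stays read-only):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

Get-EmotetHardeningStatus | Format-List
```

Treat Smb1Enabled as the decisive result: a host with SMBv1 off is not reachable by EternalBlue regardless of which KB happens to be listed, while Ms17010HotfixPresent = False on a host with a recent cumulative update is expected and should be confirmed against the OS build rather than acted on.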
How can I remove Emotet? If you suspect you’ve already been infected by Emotet, don’t freak out. If your computer is connected to a network, isolate it immediately. Once it is isolated, patch and clean the infected system. But you’re not done yet. Because of the way Emotet spreads across your network, a clean computer can be re-infected when it is plugged back into an infected network, so clean each computer on your network one by one. Because Emotet harvests credentials and sends mail from the compromised account, also change the passwords for the affected users (email first) once their machines are clean, and warn the contacts who received mail from those accounts. It’s a tedious process, but having a trusted IT team on your side will make it much easier! Contact our team if you suspect or have been infected with any form of malware to ask for assistance.
About Tech 2020 Solutions Tech 2020 Solutions offers complete turn-key solutions for the technologies that drive your business, store and secure your data and help you communicate inside and outside of your company. We offer multiple levels of on-site and remote support, monitoring and maintenance for your data, IT, phone and peripheral equipment needs, including: general IT Support and Services, Cloud Storage and Applications, Network Security, Back Up, Mobile Solutions, VoIP Phone Systems, Unified Communications, Business Continuity, Disaster Recovery and other Scalable Technologies. Visit www.Tech2020Solutions.com to learn more about Tech 2020 Solutions, Inc. or call 516-876-8761 or email info@Tech2020solutions.com.
Power Up with John Hassler is a blog distributed by Tech 2020 Solutions, Inc. and written by John Hassler, President and Founder of the company. To reach John, contact him at 516.876.8761 or via email at news@Tech2020Solutions.com. Connect on Linked In and Facebook.
Tech 2020 Solutions is the new brand identity for 2000 Computer Solutions 393 Old Country Road, Ste. 303 Carle Place, New York 11514