Let’s talk about Emotet malware
The Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services—including other banking Trojans.
Emotet includes functionality that helps it evade detection by some anti-malware products, and it uses worm-like capabilities to spread to other connected computers, which aids its distribution. This functionality has led the Department of Homeland Security to conclude that Emotet is among the most costly and destructive malware, affecting government and private sectors, individuals and organizations, and costing upwards of $1M per incident to clean up.
How does Emotet spread?
The primary distribution method for Emotet is through malspam. Emotet ransacks your contacts list and sends itself to your friends, family, coworkers and clients. Since these emails are coming from your hijacked email account, the emails look less like spam and the recipients, feeling safe, are more inclined to click bad URLs and download infected files.
If a connected network is present, Emotet spreads using a list of common passwords, guessing its way onto other connected systems in a brute-force attack. If the password to the all-important human resources server is simply “password” then it’s likely Emotet will find its way there.
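The password-guessing spread described above leaves a trace a defender can look for: one internal host producing failed logons against many accounts on many machines within a short window, which is nothing like a single user mistyping their own password. As an added example that is not part of the original article, this Python script runs that check over a constructed log sample in a simplified Windows failed-logon (event 4625) layout; the timestamps, hosts and addresses are made up.

```python
"""Flag a lateral brute-force pattern: many failed logons from one source
against many accounts on many hosts in a short window. Constructed sample
data only, not real telemetry."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, one line per logon event:
# timestamp | event id (4625 = failure, 4624 = success) | account | host | source IP
SAMPLE_LOG = """\
2019-06-03T09:00:01 4625 hr-admin HR-SRV01 10.0.5.23
2019-06-03T09:00:02 4625 jsmith HR-SRV01 10.0.5.23
2019-06-03T09:00:02 4625 payroll FIN-SRV02 10.0.5.23
2019-06-03T09:00:03 4625 svc-backup FIN-SRV02 10.0.5.23
2019-06-03T09:00:04 4625 administrator DC01 10.0.5.23
2019-06-03T09:00:05 4625 mlee WS-044 10.0.5.23
2019-06-03T09:00:06 4624 mlee WS-044 10.0.5.23
2019-06-03T09:05:00 4625 jsmith WS-012 10.0.7.8
2019-06-03T09:05:30 4625 jsmith WS-012 10.0.7.8
"""

def parse(log_text):
    """Split each line into (timestamp, event id, account, host, source)."""
    events = []
    for line in log_text.splitlines():
        ts, event_id, account, host, src = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), account, host, src))
    return events

def spray_sources(events, window=timedelta(minutes=5), min_accounts=4, min_hosts=2):
    """Return {source_ip: (accounts, hosts)} for every source whose failed logons
    inside some sliding `window` hit at least `min_accounts` distinct accounts
    on at least `min_hosts` distinct hosts; counts are the largest seen."""
    failures = defaultdict(list)
    for ts, eid, account, host, src in events:
        if eid == 4625:  # failed logon only; the later 4624 is the guess that worked
            failures[src].append((ts, account, host))
    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop failures that fell out of the window
            accounts = {a for _, a, _ in rows[start:end + 1]}
            hosts = {h for _, _, h in rows[start:end + 1]}
            if len(accounts) >= min_accounts and len(hosts) >= min_hosts:
                flagged[src] = max(flagged.get(src, (0, 0)), (len(accounts), len(hosts)))
    return flagged

if __name__ == "__main__":
    for src, (n_acc, n_hosts) in spray_sources(parse(SAMPLE_LOG)).items():
        print(f"{src}: {n_acc} accounts on {n_hosts} hosts within 5 minutes")
```

The lone user at 10.0.7.8 failing twice on their own account is not reported; the host walking through six accounts on four machines in five seconds is.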
Researchers initially thought Emotet also spread using the EternalBlue/DoublePulsar vulnerabilities, which were responsible for the WannaCry and NotPetya attacks. We know now that this isn’t the case. What led researchers to this conclusion was the fact that TrickBot, a Trojan often spread by Emotet, makes use of the EternalBlue exploit to spread itself across a given network. It was TrickBot, not Emotet, taking advantage of the EternalBlue/DoublePulsar vulnerabilities.
“Current versions of the Emotet Trojan include the ability to install other malware to infected machines. This malware may include other banking Trojans or malspam delivery services.”
How can I protect myself from Emotet?
You’re already taking the first step towards protecting yourself and your users from Emotet by learning how Emotet works. Here are a few additional steps you can take:
- Keep your computer/endpoints up-to-date with the latest patches for Microsoft Windows. TrickBot is often delivered as a secondary Emotet payload, and we know TrickBot relies on the Windows EternalBlue vulnerability to do its dirty work, so patch that vulnerability before the cybercriminals can take advantage of it.
- Don’t download suspicious attachments or click a shady-looking link. Emotet can’t get that initial foothold on your system or network if you avoid those suspect emails. Take the time to educate your users on how to spot malspam.
- Educate yourself and your users on creating a strong password. While you’re at it, start using two-factor authentication.
- You can protect yourself and your users from Emotet with a robust cybersecurity program that includes multi-layered protection. Malwarebytes business and premium consumer products detect and block Emotet in real-time.