Prolific malware turned botnet shows no signs of slowing down as campaigns are launched against financial institutions in the US and UK.  Emotet started life as a banking trojan, but has also evolved into a botnet, with its criminal operators leasing out its capabilities to those who want to distribute their own malware to compromise machines. Such is the power of Emotet that at one point last year it accounted for almost two-thirds of malicious payloads delivered in phishing attacks.

Like previous Emotet attacks, the malware is delivered via phishing emails that contain a malicious Microsoft Word document. This time the email subject lines are based around invoices, bank details and other financial subjects – common terms to attract the attention of workers in the finance sector.  The attachment claims the user needs to ‘enable content’ in order to see the document; if this is done it allows malicious macros and malicious URLs to deliver Emotet to the machine

If a machine falls victim to Emotet, not only does the malware provide a backdoor into the system, allowing attackers to steal sensitive information, it also allows the attackers to use the machine to spread additional malware – or allow other hackers to exploit compromised PCs for their own gain.

What to do?

To protect against Emotet malware, it’s recommended that users are wary of documents asking them to enable macros, especially if it’s from an untrusted or unknown source. Businesses can also disable macros by default.

Organizations should also ensure that operating systems and software are both patched and up to date as this can really help to stop malware being successful as many attacks use known vulnerabilities that can readily be patched against.

What can you do to when this happens to you?

Restore the system from a known uninfected backup.

Which means you need to have an uninfected backup.


This USVBA Cyber Alert is provided by our partner, 171 Comply. Please visit their website to learn more about CMMC and their services.