Emotet Attacks Increasing Significantly, France, Japan, and New Zealand Warn

Emotet, a Trojan that aims to infect your device and steal sensitive and personal data, is making a comeback after months of inactivity. Cybersecurity agencies in France, Japan, and New Zealand reported a surge in Emotet attacks inside their respective countries, warning users to stay vigilant. The malware is usually delivered through emails containing malicious links, attachments, and documents. It reemerged in July but increased significantly in the past few weeks, prompting CERT teams around the world to sound the alarm.

According to Cryptolaemus, a group of researchers who track Emotet attacks, the Trojan has been most active in the three countries. Joseph Roosen, a member of Cryptolaemus, told ZDNet that New Zealand was targeted the most. Emotet operators used Epoch 3 (E3), one of three mini-botnets that form the Emotet infrastructure, to scam users and companies inside the country. Meanwhile, in Japan, cybercriminals used all three botnets (E1, E2, and E3), Roosen said. CERT Japan revealed that Emotet phishing attempts tripled in the country.

France, however, witnessed a mild wave of attacks compared to the other nations. Nonetheless, hackers hit some high-profile names, including the Paris court system and the Ministry of Interior. As a result, the latter had to block delivery of all Word documents (.doc) by email. Furthermore, the country's cybersecurity agency ANSSI released a statement urging public employees to be extra careful when opening emails containing links or attachments.

“For several days, ANSSI has observed the targeting of French companies and administrations by the malicious code Emotet,” ANSSI said. “Particular attention should be paid to this because Emotet is now used to deposit other malicious code that may have a strong impact on the activity of victims.”

Old Dog, Old Tricks

Img source: threatpost.com

The three cybersecurity agencies reported the same attack method: reviving old conversations. Hackers have been using this technique ever since Emotet emerged in 2014. Once it infects your device, it hunts for old emails. The operators then revive former conversations, add malicious links or attachments, and send them to new recipients. Victims fall into the trap believing the email and its content are legitimate, because the message arrives as a reply in a thread they recognise. In the recent attacks, the Trojan was apparently delivered as Microsoft Word documents and password-protected ZIP files.
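The thread-hijacking pattern described above is something a mail gateway can score for before a message reaches the user. The following is an added example written for this article, not code from the agencies or researchers cited on the page: it parses email messages with Python's standard `email` library and combines three signals the reporting mentions (the message continues an existing conversation, it carries a Word document or ZIP archive, and the body mentions a password for the archive). The sample messages, addresses, thresholds and the `triage`/`build_sample` helper names are all constructed for the demonstration.

```python
"""Heuristic triage for Emotet-style thread-hijack emails (constructed example)."""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Dict, List, Optional

# Attachment types named in the reporting: Word documents (including
# macro-enabled variants) and ZIP archives, often password-protected.
RISKY_EXTENSIONS = (".doc", ".docm", ".dot", ".dotm", ".zip")


def is_reply(msg: EmailMessage) -> bool:
    """True when the message claims to continue an earlier conversation."""
    if msg.get("In-Reply-To") or msg.get("References"):
        return True
    subject = (msg.get("Subject") or "").strip().lower()
    return subject.startswith(("re:", "fw:", "fwd:"))


def risky_attachments(msg: EmailMessage) -> List[str]:
    """Names of attachments whose extension is in RISKY_EXTENSIONS."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(RISKY_EXTENSIONS):
            names.append(name)
    return names


def mentions_password(msg: EmailMessage) -> bool:
    """Lure bodies typically hand the recipient the archive password."""
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return "password" in text.lower()


def triage(raw: bytes) -> Dict[str, object]:
    """Score one raw RFC 5322 message and return a verdict.

    Scoring (constructed thresholds, tune to your own mail volume):
      risky attachment present         +2
      message is a reply/forward       +1
      attachment plus password lure    +1
    >= 3 -> quarantine, == 2 -> review, otherwise deliver.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    attachments = risky_attachments(msg)
    reply = is_reply(msg)
    password = mentions_password(msg) if attachments else False

    score = 0
    if attachments:
        score += 2
    if reply:
        score += 1
    if password:
        score += 1

    if score >= 3:
        verdict = "quarantine"
    elif score == 2:
        verdict = "review"
    else:
        verdict = "deliver"
    return {
        "verdict": verdict,
        "score": score,
        "reply": reply,
        "attachments": attachments,
        "password_lure": password,
    }


def build_sample(subject: str, body: str, attachment_name: Optional[str] = None,
                 in_reply_to: Optional[str] = None) -> bytes:
    """Build a constructed test message; not a real captured email."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    hijack = build_sample("RE: invoice 2020-09", "See attached. The password is 1234.",
                          "invoice.zip", "<original-thread@example.com>")
    benign = build_sample("Lunch tomorrow?", "Are you free at noon?")
    print(triage(hijack))   # verdict: quarantine
    print(triage(benign))   # verdict: deliver
```

The score deliberately gives no weight to a bare reply: a legitimate mailbox is full of those. The combination of a revived thread with a document or archive is what the agencies describe, so that is what lifts a message into quarantine.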

Emotet can do much more too, like stealing passwords, sending large volumes of spam to spread the malware, and installing ransomware. The latter encrypts your files and holds them for ransom; the only way to retrieve them is by paying the cybercriminals for the decryption key. That is why these infections are extremely dangerous and costly. In 2018, CERT USA revealed that local governments pay up to $1 million to fix Emotet damages.

French, Japanese, and New Zealander cybersecurity teams also released advice and tips on how to prevent or combat Emotet. In case of an infection, victims must immediately isolate the computer, remove the malware, change all credentials, and notify all contacts not to open any attachments. They must also audit and maintain an offline backup of the system.


Banking Trojan

Img source: zdnet.com

Emotet is known as a banking trojan because it focuses on stealing financial data. It was initially designed for that purpose only but eventually grew into a complete malware threat. Once installed on a computer, the malware goes on to infect the computers connected to it. It was originally built to look for banking-related data of account holders and to reach their personal information as well. It uses worm-like capabilities to spread quickly to the other computers on the same network. According to experts, it is one of the costliest and most dangerous malware families, having hit the private and public sectors, individuals and organisations alike, with heavy financial and personal losses.

How does it spread?

Img source: threatpost.com

The malware enters a system through spam mail, malicious links, malicious scripts, and other lures. It has evolved through several stages. Earlier it took the form of a malicious JavaScript file. Later versions use macro-enabled documents to retrieve the payload from command-and-control (C&C) servers, a technique popular with cyber attackers. The malware is hard to detect, which naturally makes prevention harder too: it takes care not to be detected in a sandbox environment, which is what researchers use to analyse malware. Emotet updates itself from its C&C servers in much the same way that Windows updates itself on a personal computer or laptop.

French issues

Img source: lemondeinformatique.fr

Emotet has recently entered the Paris court network. This is a threat to the city's entire judicial system. The event has already alarmed senior officials and an emergency-like situation is under way. The government has blocked the suspicious mail addresses in response to the series of events. ANSSI, the French cybersecurity agency, then stepped in and strictly instructed staff not to open any mail from an unknown sender and not to touch the attached file at any cost. Government agencies and the officials handling official mail accounts have been put on high cybersecurity alert. The most threatening angle is that when Emotet uses old conversations to spread, the message does not look any different: it appears exactly as legitimate as the original thread did.

Almost all cybersecurity agencies in the affected countries have agreed on the ill effects of the malware and attributed the campaign to Emotet. They have also noted that the malware is targeting every business sector. The operators go after personal information and, with so many identities now digitised, their job has become easier: once they obtain basic data such as a name, an address or a bank account number, they can reach the rest through further hacking. The malware also drops other malicious payloads, such as TrickBot and the Conti ransomware. According to the experts, these can damage the systems further to the attackers' benefit.

Bogdan Radicanin

My name is Bogdan Radicanin, but everyone calls me Boba. I also work as a full-time musician. I approach both jobs with a lot of passion, and I believe that's what makes me successful.