The Emotet Trojan first appeared in 2014 as a banking Trojan, used to exfiltrate sensitive data such as bank account information from browsers when users logged in to their bank accounts. Emotet has since undergone some changes and now represents a much bigger cybersecurity threat.

Emotet spreads easily. It uses a worm-like process to infect other devices on the network, and it hijacks the user's email account to send copies of itself to the victim's contacts. Infected devices are added to the Emotet botnet and have been used in attacks on other organizations. The Emotet creators have now linked up with other hacking operations and are using their malware to deliver other Trojans such as TrickBot and QakBot, which in turn are used to deliver ransomware.

Data from HP Inc. revealed that Emotet infections grew by 1,200% from Q2 to Q3, showing the extent to which activity has increased recently. Data from Check Point show Emotet is the most serious malware threat, accounting for 12% of all infections in October 2020. TrickBot, which is delivered by Emotet, is the second biggest threat, accounting for 4% of infections.

The Emotet and TrickBot Trojans are driving a rapid rise in ransomware infections worldwide, especially attacks on healthcare organizations. The healthcare sector in the United States is being targeted by ransomware gangs because of the heightened chance of the ransom being paid. In a number of instances, the latest ransomware attacks were made possible by previous Emotet and TrickBot infections.

Sadly, because Emotet spreads so efficiently, removing the malware can be tricky. It is likely that more than one device has been compromised, and when the Trojan is removed from one device, that device is often reinfected by other infected devices in the organization.

Emotet is mainly distributed through phishing emails, most often using malicious macros in Word documents and Excel spreadsheets, although JavaScript attachments are also known to be used. The lures employed in the phishing emails vary a lot, often tying in with recent news events, COVID-19, and the holiday season in the build-up to Halloween, Black Friday, and Cyber Monday.

The wisest tactic to prevent infiltration is to block Emotet emails from reaching inboxes and to make sure that employees are trained to spot phishing emails.

If you wish to safeguard your organization from Emotet and other malware and phishing attacks, give the TitanHQ team a call to find out more about SpamTitan Email Security.