Spike in Emotet activity could mean big payday for ransomware gangs
There’s been a massive increase in Emotet attacks, and cyber criminals take advantage of machines compromised by the malware to launch further malware infections as well as ransomware campaigns.
The October 2020 HP-Bromium Threat Insights Report records a 1,200 per cent increase in Emotet detections from July to September compared to the previous three months, a period in which deployment of the malware appeared to decline.
Since emerging in 2018, Emotet regularly sees surges in activity and then seemingly disappears, only to come back again, something which researchers suggest is going to continue well into 2021.
Emotet often gains a foothold into networks via phishing emails and those behind it have been seen to use thread hijacking in an effort to make the emails look more legitimate – people are more likely to download an attachment if it looks to come from a colleague or someone else they know.
The attacks and malicious attachments are customised depending on the location of the intended victim with phishing email templates and lures written in English, French, German, Greek, Hindi, Italian, Japanese, Spanish and Vietnamese.
Despite starting life as a banking trojan, the key for Emotet is now simply to compromise as many machines as possible, creating backdoors into networks which its operators can sell on to other malware operators as a gateway for their own malicious campaigns. Emotet infections are a popular starting point for ransomware attacks.
“The targeting of enterprises is consistent with the objectives of Emotet’s operators, many of whom are keen to broker access to compromised systems to ransomware actors. Within underground forums and marketplaces, access brokers often advertise characteristics about organisations they have breached – such as size and revenue – to appeal to buyers,” said Alex Holland, senior malware analyst at HP.
“Ransomware operators in particular are becoming increasingly targeted in their approach to maximize potential payments, moving away from their usual spray-and-pray tactics,” he added. “This has contributed to the rise in average ransomware payments, which has increased by 60 per cent.”
To help protect against Emotet and other malware attacks, it’s recommended that organisations implement email content filtering in order to reduce the chance of a malicious attachment successfully being delivered.
Organisations should also ensure that their network is patched with the latest security updates, as this goes a long way towards protecting against cyber attacks that exploit known vulnerabilities.