Emotet is back from the summer break – protect yourself now!

M.Sc. Chris Wojzechowski


Emotet harvests inbound and outbound e-mail traffic and has been circulating for some time. This year there have been more and more cases in which Emotet has managed to spread across various networks. After a summer break the number of reported attacks is increasing again – and the most recent victim is the Berlin Supreme Court.

Targets – that’s how Emotet works!

Initially only companies were considered targets. Among the most recent cases is the Medical University Hannover: according to the clinic's spokesman, speaking to the Hannoversche Allgemeine Zeitung, 170 computers have been quarantined. A silver lining – no patient data is believed to be affected. Before the summer break, however, the well-known publisher Heise was also hit. The Trojan's target groups are public authorities, companies and private users.

Emotet is able to read the e-mail history of an infected mailbox and exfiltrate it. The harvested e-mails are then reviewed. E-mails are answered – usually first those that were left unanswered in the mailbox. This allows the Trojan to write e-mails to people with whom you are currently in contact, using information read from the e-mails themselves.

Subsequently, an automated reply is generated that looks very credible. It carries an attachment in which the malware is located; the malware is executed once macros are activated. This activation must be done by a human, and the prompt that asks for it varies in appearance.

[Image: Emotet Trojan – AWARE7] The Emotet Trojan in the wild. Rights must be granted before the Trojan can cause damage. Source: any.run

After spreading by e-mail, Emotet downloads further malware from other cybercriminals (in Germany initially TrickBot and the Ryuk encryption Trojan), which can then be executed at the push of a button. As a result the ransom note appears on all computers at the same time, paralyzing entire companies.

Protective measures against the Emotet Trojan – what you need to know!

We already reported about Emotet in an earlier blog post. In summary, Emotet spreads through macros. Accordingly, macros in Office documents should be deactivated. Furthermore, no executable attachments (.exe, .bat, .jar, .cmd) should be opened. You will never receive such attachments from a reputable communication partner in everyday business.
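The two measures above (block executable attachments, keep macros out of Office documents) can be enforced at a mail gateway before a user ever sees the prompt to enable content. The following is an added example written for this post, not code from AWARE7 or from any mail product: it classifies an attachment by its extension list (so that a double extension such as a constructed "update.pdf.exe" is still caught) and, for Office OOXML files, opens the zip container and checks for a vbaProject.bin part rather than trusting the file name. The sample attachments are constructed in memory; the verdict names ("block", "quarantine", "allow") and the macro-enabled extension list are assumptions for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the post says you never receive legitimately in everyday business.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".jar", ".cmd"}
# Assumption for this example: macro-enabled Office formats go to quarantine.
MACRO_ENABLED_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
# OOXML (zip-based) Office formats whose container we can inspect directly.
OOXML_EXTENSIONS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm",
                    ".xltm", ".pptx", ".pptm"}


def ooxml_has_vba(data: bytes) -> bool:
    """Return True if a zip-based Office document carries a VBA project part.

    Macros in OOXML files are stored in a 'vbaProject.bin' part. A renamed
    .docm still contains that part, so we look inside the container instead
    of trusting the extension. Non-zip data is treated as 'no VBA found'.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin")
                       for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'block', 'quarantine' or 'allow' for one attachment."""
    suffixes = PurePosixPath(filename.lower()).suffixes
    # A blocked extension anywhere in the name catches 'invoice.pdf.exe'.
    if any(s in BLOCKED_EXTENSIONS for s in suffixes):
        return "block"
    final = suffixes[-1] if suffixes else ""
    if final in MACRO_ENABLED_EXTENSIONS:
        return "quarantine"
    if final in OOXML_EXTENSIONS and ooxml_has_vba(data):
        return "quarantine"
    return "allow"


def make_ooxml(with_vba: bool) -> bytes:
    """Construct a minimal zip that mimics an Office document (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-vba-part")
    return buf.getvalue()


# Constructed sample attachments; none of these is real malware.
SAMPLE_ATTACHMENTS = {
    "Rechnung.docx": make_ooxml(with_vba=False),
    "Rechnung_macro.docx": make_ooxml(with_vba=True),  # a renamed .docm
    "invoice.docm": make_ooxml(with_vba=True),
    "update.pdf.exe": b"MZ" + b"\x00" * 16,
    "notes.txt": b"plain text",
}


def scan_all(attachments=None) -> dict:
    """Classify every attachment in a message; returns name -> verdict."""
    if attachments is None:
        attachments = SAMPLE_ATTACHMENTS
    return {name: classify_attachment(name, data)
            for name, data in attachments.items()}


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{verdict:10s} {name}")
```

Legacy binary formats (.doc, .xls) are OLE compound files, not zips, so this check does not see their macros; inspecting those needs an OLE parser, which is left out here. The point of the container check is the renamed-file case: a document named .docx that still contains a VBA project is exactly the kind of attachment the macro prompt would otherwise hand to the user.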

One of the most important measures is to train yourself and your employees in social engineering, phishing and general IT security issues. Only if you know what you are dealing with can you protect yourself sufficiently. The BSI also gives detailed tips on how to protect yourself from Emotet and other dangerous e-mails.


M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I completed my Master's degree in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV), and hold the test procedure competence for § 8a BSIG. Our bread-and-butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.