The Trojan Emotet is once again causing fear among German companies. Here is how to act if your systems are infected, and how to protect yourself from the malware in the first place.
It is no secret that phishing attacks have been on the increase for years. Nevertheless, a large-scale spam campaign around the Trojan "Emotet" is currently causing fear and terror in Germany. Due to the acute danger, the Federal Office for Information Security (BSI) has issued a new warning.
What makes Emotet so dangerous
The malware reaches the computer via phishing emails. Once Emotet is in the system, disaster takes its course. The Trojan can be used to deliver various other types of malware. Trojans that spy out access data for online banking are used particularly frequently. In addition, ransomware that encrypts files and deletes backups can be distributed via Emotet. A ransom is then demanded for the release of the affected data.
Spread particularly difficult to stop
The spread of Emotet is particularly difficult to control. This is because the program is able to read out information about contact relationships and email content. Based on this information, the attackers can not only identify further victims but also generate individually tailored spear phishing emails. As a result, the phishing emails appear to come from people with whom the recipient has only recently communicated. If even the subject and content match past emails, trust is usually high enough for the recipient to open attachments or click on links. This in turn brings the malware onto the PC of its next victim.
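A mail filter or triage script can check for the pattern described above: a sender name the recipient knows, combined with an address that contact has never used, on a subject that continues a recent conversation. The following Python code is an added example, not part of the original article; the contact list, subjects, addresses and function names are constructed assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed data (assumptions for this example): addresses previously seen
# for each correspondent, and subjects of threads the mailbox recently took part in.
KNOWN_CONTACTS = {"anna schmidt": {"anna.schmidt@partner.example"}}
RECENT_SUBJECTS = {"invoice march"}

def normalize_subject(subject):
    """Strip reply/forward prefixes (Re:, AW:, Fwd:, WG:) and lowercase."""
    return re.sub(r"^((re|aw|fwd?|wg)\s*:\s*)+", "", subject.strip(), flags=re.I).lower()

def triage(msg):
    """Return the reasons a message resembles a spoofed reply from a known contact."""
    name, addr = parseaddr(str(msg.get("From", "")))
    known = KNOWN_CONTACTS.get(name.strip().lower())
    if not known or addr.lower() in known:
        return []  # unknown display name, or the contact's usual address
    reasons = ["known display name, unknown address"]
    if normalize_subject(str(msg.get("Subject", ""))) in RECENT_SUBJECTS:
        reasons.append("reuses subject of a recent thread")
    if any(part.get_filename() for part in msg.walk()):
        reasons.append("carries an attachment")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and re.search(r"https?://", body.get_content()):
        reasons.append("contains a link")
    return reasons

def build(sender, subject, body, attachment=None):
    """Build a constructed sample message for the checks above."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

# Constructed samples: a spoofed reply and a genuine one from the same contact name.
SPOOFED = build("Anna Schmidt <billing@mailer.example>", "AW: Invoice March",
                "Please see the attached invoice.", attachment="invoice.doc")
LEGIT = build("Anna Schmidt <anna.schmidt@partner.example>", "Re: Invoice March",
              "Thanks, received.")

if __name__ == "__main__":
    print(triage(SPOOFED))
    print(triage(LEGIT))
```

A message sent from a contact's genuinely compromised mailbox uses the real address and passes this check, so a filter of this kind complements employee awareness rather than replacing it.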
This is how you should behave if your systems are infected
According to the BSI, Emotet has led to serious production losses in several cases. If you notice the Trojan on your systems, you should:
- immediately isolate any potentially infected systems from the network to prevent further propagation. To do this, unplug the network cable. It is not sufficient to switch off the device. The affected systems should then be reinstalled.
- change all stored passwords.
- report the incident to the BSI or another national security office and inform your business partners.
This is what you should do to protect yourself from Emotet
In addition to the use of antivirus software, the BSI strongly advises you to install security updates for operating systems and application programs promptly and to perform regular offline backups. The most important measure recommended by the BSI, however, is raising employee awareness, as employees play a prominent role both in the spread of Emotet and in protecting against it. Since antivirus programs and filters don't always reliably detect the latest versions of the Trojan, employees should know exactly how to recognize personalized phishing emails, and also be aware of what they shouldn't do.
The first step should therefore be to inform employees about the current threat situation, e.g. through mailings or offline media such as posters. To ensure long-term awareness, however, a sustainable approach to training employees is needed. This is where online solutions come in, e.g. classic e-learning courses or phishing simulations. The simulations confront employees with emails that are modelled to look exactly like typical Emotet emails. In this way, your employees continuously learn how to deal with the latest cyber attacks, in a time-saving manner.
The SoSafe awareness platform raises employees' awareness of IT security and trains them in dealing with it. Phishing simulations and interactive e-learning courses teach employees, effectively and sustainably, what to pay particular attention to when using e.g. emails, passwords or social media. The employer receives differentiated reporting and can finally make awareness building measurable, and completely GDPR-compliant.