Many Irish businesses will have noticed the surge in spam emails in recent weeks. What you need to know is that there are very sinister threats hidden in this daily inconvenience.
What is a Trojan Virus?
A Trojan Virus is a type of malware program that gets into your system disguised as something else, such as legitimate software or something quite innocuous. They are employed by cyber criminals who use them to trick users into executing the program on their systems and, once activated, they give the hackers access to the user’s system to spy on them, steal sensitive data and gain backdoor access to the rest of their systems.
What is the Emotet Trojan Virus?
The Emotet Trojan Virus was originally developed with the aim of accessing foreign devices to spy on sensitive data detected and was first detected in 2014, when German and Austrian banks were found to have fallen victim to it. From there it has spread globally and evolved from a simple Trojan into what is called a Dropper, which means that once it infiltrates, it then loads additional malware onto devices.
Emotet has been known to be able to deceive basic antivirus programs to infect users’ computers and hide from them. Once infected, Emotet spreads and attempts to infiltrate other computers in the user’s network.
Recent rise in spam across Irish businesses.
Emotet spreads mainly through spam emails that are designed to look very authentic, which is particularly concerning considering the recent rise in spam attacks noticed across Irish businesses in recent weeks.
These Emotet emails contain a malicious link or an infected document that once opened or downloaded, automatically download the virus to your computer. Once there, it begins to spread, seeking out other computers on your network to infect, and has been known to also ‘drop in’ other malware such as Trickster – a Trojan VIrus that attempts to hack the login data of bank accounts, and Ryuk – ransomware that encrypts the user’s data.
Companies and private individuals are both at risk.
More often than not, the end goal of the cybercriminals behind Emotet is to extort money from their victims by encrypting their data or threatening to publish the private data they have gained access to.
Emotet targets both private individuals, as well as, companies and organisations and there have been some well-documented attacks that have been successful.
Both Microsoft and Apple devices are at risk from Emotet.
Emotet has been detected on the Microsoft Windows operating system and has been known to affect Apple computers since the beginning of 2019.
In the case of the Apple devices, the cyber criminals tricked users with a fake email, purporting to be from Apple’s support team. Victims were told to follow a link to prevent their account from being deactivated and once clicked, their devices were infiltrated.
Why is it so effective?
Once on a user’s device, Emotet reads the user’s emails and uses these emails to create spam emails with remarkably deceptive content complete with sign-offs and email footers. These emails usually appear both legitimate and personal and are very difficult to identify as spam emails. Emotet sends these phishing emails to the user’s own contacts including work colleagues, customers, friends and family.
Usually these emails contain an infected Word document for the recipient to download or a dangerous link. As it is sent from the user’s own device, the correct name and email is always displayed for the sender.
All of this makes the emails appear so legitimate that recipients think it’s safe and fall victim to the same virus themselves.
Once in, it spreads.
Once Emotet has access to your network, it tries to spread. It can attempt to crack account passwords brute force and it has also spread using the EternalBlue exploit and the DoublePulsar vulnerability on Windows.
How can you protect yourself and your business from Emotet?
Emotet is one of the most complex and dangerous malwares ever created. To protect against Emotet, antivirus programs alone are simply not enough, and there is no solution that provides 100% protection against Emotet, or other Trojan Viruses that can constantly change themselves.
The only way to minimise the risk of infection is by implementing a combination of both technical and organisational measures. Here are some steps to protect yourself and your business from Emotet:
- Stay informed:
Keep up to date about developments around Emotet and cyber threats generally so you know what you need to look out for. - Keep computers up to date:
It’s essential that computer and software updates are installed as soon as possible to close any new security gaps. This applies to operating systems, browsers, browser add-ons, email clients, Microsoft Office, and PDF programs. - Install antivirus:
Install a full virus and malware protection program and have it regularly scan your for vulnerabilities. - Always ask first:
Don’t download email attachments or click on links unless you are 100% sure the email is genuine. These spam emails look legitimate, so contact the sender if in any doubt. - Back up regularly:
Regularly back up your data to an external location so you have recent backups to fall back on in the event of an attack. - Use strong passwords:
Only use strong passwords for all of your accounts and enforce 2-factor authentication across your business or organisation wherever possible.
What to do if you fall victim to Emotet?
If you are a business or organisation user and you suspect you may have fallen victim to an Emotet attack, contact your IT provider or contact the team at Calnet IT Solutions here as soon as possible.
Firstly, inform your contacts about the possible infection and let them know to be extra vigilant of emails delivered by you as they may be at risk.
If your computer is connected to a network, disconnect and isolate it to reduce the risk of it spreading.
Next, you should change all of your login data across email accounts, web browsers, software packages etc. Make sure to do this on a separate device that you know is not infected or connected to the same network.
Then, because of Emotet’s ability to spread through a network, you need to scan and clean all of the computers connected to your network. We advise that you contact an antivirus or cyber security specialist to assist you
Enlisting a cyber security specialist.
If you are concerned about the cyber security of your business or organisation, please don’t hesitate to contact us today for an assessment. Our experienced Dublin-based team are standing by to help you identify how you can protect your business from cyber attacks.
Contact us on +353 (0)1 8183272 or on info@calnet.ie.
