Emotet has been active again since last week and security experts fear a revival. We can expect a significant increase in spam and phishing emails in the coming period. Researchers fear that there will be hundreds of thousands of new victims worldwide.
Emotet is the successor to GandCrab and first appeared in 2014. The malware started out as a banking Trojan, which hackers used to steal bank account numbers and login details. Today, cybercriminals distribute ransomware, spyware, and other malware through Emotet. They also try to create a back door into company networks, then either carry out a cyberattack at an unexpected moment or sell access to the network to the highest bidder.
In July 2020, the malware hit the Canadian Department of Justice, several European countries and the Democratic National Convention (DNC). By mid-September, Emotet spam campaigns had reached our country, the National Cyber Security Center (NCSC) warned. The US Cybersecurity and Infrastructure Security Agency (CISA) called Emotet “the most dangerous threat of the moment” at the time.
At the beginning of this year, enforcement agencies worldwide dealt a major blow to Emotet. The Dutch Team High Tech Crime (THTC), Europol, Eurojust and numerous international police services seized about seven hundred Emotet servers. Two of them were in our country. The impact was enormous: in the days after the shutdown of Emotet’s infrastructure, the number of infections fell by more than 40 per cent.
Last week, security researchers from Cryptolaemus, G Data and Advanced Intel warned that Emotet had risen from the dead. They argued that the network was growing, which may herald new large-scale spam, malware and ransomware campaigns. Dutch cybersecurity experts agree.
Dave Maasland, director of cybersecurity company ESET Netherlands, sees Emotet as a serious threat to Dutch business and consumers. As the malware spreads through victims’ email contacts, he expects a revival, with dire consequences. “This can lead to potentially hundreds of thousands of victims of all kinds of digital crime, where ransomware is the biggest problem,” he tells AD.
Security expert Frank de Korte of cybersecurity company Northwave says Emotet has the potential to become “a really big problem” again. “Emotet doesn’t really have the large scale of that time yet, but we do see the preparation.”
BleepingComputer, which has spoken with several security experts, reports that Conti is responsible for the revival of Emotet. Conti is a Russian-affiliated hacker group that has distributed ransomware worldwide. Members of the group carried out a ransomware attack on the Health Service Executive (HSE), Ireland’s national health service, in May. In doing so, they infected 2,000 IT systems, stealing 700 GB of confidential data. They demanded $20 million in ransom.
Another victim of Conti was the Belgian IT company ITxx. Ransomware from Russian hackers brought down the business of about sixty customers. Since the backups had also been compromised, the company cut its losses and paid $300,000 in ransom. “We’ve been negotiating all week. For a while, we thought we could recover backups, but that didn’t work. They were also encrypted. Ultimately, we had to pay a ransom to get the data back for ourselves and for our customers,” Philippe van Cauwenbergh told VRT NWS.
De Korte fears that Emotet could spread quickly in the short term. “Because they are now using existing infrastructure, things can go fast,” he tells the AD.