Spike in Emotet activity could mean big payday for ransomware gangs

A big rise in Emotet attacks has provided hackers with more machines to offer up to cyber criminals for ransomware and other malware campaigns.
Written by Danny Palmer, Senior Writer

There has been a massive increase in Emotet attacks, and cyber criminals are using the machines it compromises to launch further malware infections and ransomware campaigns.

The October 2020 HP-Bromium Threat Insights Report records a 1,200% increase in Emotet detections from July to September compared with the previous three months, during which deployment of the malware had appeared to decline.

Since first emerging in 2014, Emotet has regularly seen surges in activity, then seemingly disappeared, only to come back again, a pattern that researchers expect to continue well into 2021.


Emotet often gains a foothold in networks via phishing emails, and its operators have been seen using thread hijacking, in which the malware replies to genuine email conversations stolen from already-infected mailboxes, to make the messages look legitimate: people are more likely to open an attachment that appears to come from a colleague or someone else they know.

The attacks and malicious attachments are customised to the location of the intended victim, with phishing email templates and lures written in English, French, German, Greek, Hindi, Italian, Japanese, Spanish and Vietnamese.

Despite starting life as a banking trojan, Emotet's purpose is now simply to compromise as many machines as possible, creating backdoors into networks that its operators can sell on to other malware operators as a gateway for their own campaigns. Emotet infections are a popular starting point for ransomware attacks.

"The targeting of enterprises is consistent with the objectives of Emotet's operators, many of whom are keen to broker access to compromised systems to ransomware actors. Within underground forums and marketplaces, access brokers often advertise characteristics about organisations they have breached – such as size and revenue – to appeal to buyers," said Alex Holland, senior malware analyst at HP.

"Ransomware operators in particular are becoming increasingly targeted in their approach to maximize potential payments, moving away from their usual spray-and-pray tactics. This has contributed to the rise in average ransomware payments, which has increased by 60%."


To help protect against Emotet and other malware, organisations should implement email content filtering, including blocking or sandboxing macro-enabled Office documents and archives that arrive as attachments, to reduce the chance of a malicious attachment being delivered successfully.
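The two delivery traits described above, a macro-capable Office attachment and a "reply" that hijacks an existing thread but arrives from outside the organisation, can be scored together at the mail gateway. The following is an added illustration, not code from HP-Bromium or from the article: a small heuristic using only Python's standard `email` library. The sample messages, the internal domain `example.com`, the file-type lists and the quarantine threshold are all assumptions chosen for the example.

```python
"""
Added example: score an inbound RFC 5322 message for Emotet-style delivery
traits. Not the article's or HP-Bromium's code; thresholds and domains are
assumptions.
"""
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed organisation being protected; real gateways would load this from config.
INTERNAL_DOMAINS = {"example.com"}
# Attachment types Emotet lures have commonly used (assumed list, extend to taste).
MACRO_CAPABLE = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
ARCHIVES = {".zip", ".7z", ".rar"}


def sender_domain(msg):
    """Domain of the real envelope-ish From address, ignoring the display name."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def attachment_findings(msg):
    """Flag attachments whose file type matches the lure lists above."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in MACRO_CAPABLE:
            findings.append(f"macro-capable attachment {name}")
        elif ext in ARCHIVES:
            findings.append(f"archive attachment {name}")
    return findings


def thread_hijack_findings(msg):
    """Flag replies to an internal thread that come from an external domain,
    or whose display name impersonates an internal address."""
    findings = []
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    subject = msg.get("Subject", "").lower()
    if not is_reply and not subject.startswith(("re:", "fw:", "fwd:")):
        return findings  # not a reply, so thread hijacking does not apply
    dom = sender_domain(msg)
    if dom not in INTERNAL_DOMAINS:
        findings.append(f"reply to internal thread from external domain {dom}")
    name, _ = parseaddr(msg.get("From", ""))
    if "@" in name and name.rpartition("@")[2].lower() in INTERNAL_DOMAINS \
            and dom not in INTERNAL_DOMAINS:
        findings.append(f"display name impersonates internal address {name}")
    return findings


def assess(raw_message):
    """Return (verdict, findings). Both traits together -> quarantine;
    either alone -> flag for review; neither -> deliver. Thresholds assumed."""
    msg = message_from_string(raw_message, policy=policy.default)
    lure = attachment_findings(msg)
    hijack = thread_hijack_findings(msg)
    if lure and hijack:
        verdict = "quarantine"
    elif lure or hijack:
        verdict = "flag"
    else:
        verdict = "deliver"
    return verdict, lure + hijack


# Constructed sample: a hijacked thread reply with a .doc lure (not a real capture).
SAMPLE_HIJACK = """\
From: "bob@example.com" <bob.smith@mail-relay.example.net>
To: alice@example.com
Subject: RE: Q3 invoice
In-Reply-To: <20200915123456.ABC@example.com>
References: <20200915123456.ABC@example.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="us-ascii"

Hi Alice, please see the attached invoice as discussed.

> On Tue, Alice wrote:
> Can you send the Q3 figures?

--XYZ
Content-Type: application/msword; name="Q3_invoice.doc"
Content-Disposition: attachment; filename="Q3_invoice.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--XYZ--
"""

# Constructed benign reply from a genuine internal sender, no attachment.
SAMPLE_BENIGN = """\
From: Alice <alice@example.com>
To: bob@example.com
Subject: RE: Q3 invoice
In-Reply-To: <20200915123456.ABC@example.com>
Content-Type: text/plain

Thanks, received.
"""

if __name__ == "__main__":
    for label, raw in (("hijack", SAMPLE_HIJACK), ("benign", SAMPLE_BENIGN)):
        verdict, findings = assess(raw)
        print(label, verdict, findings)
```

The point of combining the two signals is that each alone is noisy: legitimate partners reply to threads from external domains, and finance teams exchange real `.doc` files. A reply from outside the organisation that impersonates an internal address and carries a macro-capable document is the specific shape of the Emotet lure, which is why the assumed policy quarantines only on the combination and merely flags either trait on its own.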

Organisations should also keep their networks patched with the latest security updates, which goes a long way towards protecting against cyberattacks that exploit known vulnerabilities.
