You may have seen my recent emails warning everyone to use extreme caution when opening attachments from 3 Labmed staff and wondered what was up. The PCs used by these 3 individuals were infected by malware called “Emotet” back in April.
Some background on Emotet. It first appeared in 2014 and targeted the banking industry, but it soon morphed to become a threat to everyone. It is spread by email, in particular through malicious attachments or links. The emails use a technique called “phishing,” which is a type of “social engineering.” The point of phishing and social engineering is to trick you into revealing personal information, often financial data.
Emotet is very clever. For starters, it is “polymorphic,” which means that it can change dynamically to avoid detection by anti-virus software. It also connects to a server to get updates in the same manner as legitimate software such as the Windows operating system. Emotet can also be used as a “trojan,” which means that it has the ability to download other malware to the infected PC.
So what happens when your PC gets infected with Emotet? In our particular case, Emotet stole email data, including contacts and message contents. It then used this information to generate emails that contained malicious attachments. Because these emails contained snippets of real email conversations, they were hard to recognize as fake.
What can you do to prevent Emotet infections? The most important thing is to approach email with skepticism. If something seems off about an email, go with your gut instinct and do not open any attachments or click any links. It’s fairly easy to fake the sender name and even the address, so these elements cannot be relied upon to confirm legitimacy. If you’re not sure, report the email to IT. Another thing you can do is call the supposed sender on the phone and ask them to verify that they sent you that specific email.