Emotet is the new threat on the block and it’s a nasty one. In fact, most cyber threat experts consider it to be one of the most costly and destructive threats to businesses right now. That’s because it spreads like wildfire, from country to country, on a global scale. It’s so sophisticated that, once in, it can quickly infect an entire organisation, and like other worms it spreads without the aid of a user, enabling it to wreak widespread damage and havoc for all.
Infect. Spread. Steal. Repeat.
Once on a computer, Emotet has three main goals:
- Spread to as many machines and endpoints as possible.
- Send malicious emails to infect other organisations – damaging your sender reputation in the process.
- Download a malware payload like Trickbot that injects code into your browser and automatically debits your bank and PayPal accounts when you log in.
In fact, Emotet is so advanced that, despite security and GDPR measures, it even tries to steal data, turning a malware infection into a data breach. Some Emotet variants skim email addresses and names from email client data and archives so they can be sold as part of a wider list and used to spread even more malicious spam. Others inspect your web browser, stealing your history as well as any saved usernames and passwords.
And if that doesn’t get you where it hurts, Emotet can also be a smokescreen for further targeted ransomware attacks. While organisations are dealing with Emotet infections, ransomware like BitPaymer takes advantage of the distraction to hold business data hostage.
What makes Emotet so dangerous?
Emotet earns its reputation as one of the most costly and destructive threats for several reasons.
- It only needs one computer that’s not fully protected to infect an entire suite. Once it gets in, it quickly spreads laterally across the network and leaves you exposed not only to its infection but to other threats too.
- It constantly evolves. The cyber criminals behind this threat work 24/7, publishing multiple new variants every single day, so even if you manage to track it down, it’s already moved on.
- It keeps re-infecting. Emotet constantly tries to spread, often re-infecting machines that have already been cleaned up, making it your IT team’s worst nightmare!
How can you stop it?
1. Secure all of your machines
Prevention is better than cure, and one of the best preventative steps you can take is to make sure you don’t have any unsecured machines on your network. Unsecured machines give Emotet a place to hide and adapt, making a bad situation much worse because this nasty piece of work will be trying to break free all the time.
And because it updates itself so frequently (sometimes multiple times a day), it’s continuously presenting new challenges. The longer it’s allowed to probe your network, the more chance that an update to Emotet will find a gap in your armour that allows it to break out and spread through your endpoints.
Defence in depth is crucial, and advanced anti-malware features like deep learning, exploit prevention and Sophos EDR give you a significant advantage in containing the outbreak and finding the source.
2. Patch early, patch often
Emotet is a gateway for other malware, so containing an Emotet outbreak doesn’t just mean stopping Emotet, it means stopping whatever it brings with it. Since you don’t know what that will be, you have to take the best precautions you can. Top of the long list should be patching known vulnerabilities.
It might feel like the oldest security advice under the sun but it’s on this list on merit. In the real world, unpatched software is making Emotet outbreaks worse, and harder to contain. Somebody reading this isn’t on top of their patching – don’t let it be you.
A Third Option …
Emotet is here and it’s here to stay. All is not lost, though, if you protect yourself properly with the right technology. We only partner with industry leaders, which is why Sophos presents the third way to beat the rise of Emotet.
Intercept X and XG Firewall are powerful tools to stop Emotet on their own – and what’s more, they’re even better together. They share real-time threat information and automatically respond to incidents.
When Intercept X detects Emotet running, it notifies XG Firewall which automatically isolates the infected machines, preventing lateral movement. Intercept X then cleans up the infection, telling the firewall once the malware is removed. At this point, XG Firewall restores network access.
Uniquely, by working together, they stop Emotet from moving across your organisation. And the best news? All this happens automatically. Zero-touch. In seconds.
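The detect, isolate, clean and restore loop described above, as an added example that is not Sophos code and does not use the Sophos API: a small Python model of an endpoint-health controller driving firewall isolation, which also counts repeat detections so a host that keeps re-infecting is flagged for investigation instead of silently cycling. The threshold, host names and event sequence are constructed for the example.

```python
# Added example (not Sophos code): simplified model of endpoint health reports
# driving firewall isolation. A RED report isolates the host, a later GREEN report
# restores it, and repeated RED reports flag a re-infecting host for investigation.
from dataclasses import dataclass, field
from enum import Enum


class Health(Enum):
    GREEN = "green"  # endpoint protection reports no active threat
    RED = "red"      # endpoint protection reports active malware (e.g. Emotet)


REINFECTION_THRESHOLD = 2  # assumed value: RED reports before a host is flagged


@dataclass
class Endpoint:
    name: str
    isolated: bool = False
    red_reports: int = 0


@dataclass
class Controller:
    endpoints: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def report(self, name: str, health: Health) -> Endpoint:
        """Apply one health report and update the firewall isolation state."""
        ep = self.endpoints.setdefault(name, Endpoint(name))
        if health is Health.RED:
            ep.red_reports += 1
            if not ep.isolated:  # block lateral movement as soon as malware is seen
                ep.isolated = True
                self.log.append(f"{name}: isolated at firewall")
            if ep.red_reports >= REINFECTION_THRESHOLD:  # cleaned up, yet RED again
                self.log.append(f"{name}: re-infected {ep.red_reports} times, investigate source")
        elif ep.isolated:  # endpoint reports clean, so restore network access
            ep.isolated = False
            self.log.append(f"{name}: clean, network access restored")
        return ep

    def isolated_hosts(self) -> list:
        return sorted(e.name for e in self.endpoints.values() if e.isolated)


def demo() -> Controller:
    """Constructed sequence: ws-01 is detected, cleaned, then re-infected."""
    c = Controller()
    events = [("ws-01", Health.RED), ("ws-02", Health.GREEN),
              ("ws-01", Health.GREEN), ("ws-01", Health.RED)]
    for name, health in events:
        c.report(name, health)
    return c
```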
If that doesn’t leave Emotet shaking in its boots, we don’t know what will …
Need more information?
For more information on what Emotet is and how you can save your business from becoming a target, get in touch with our team of experts for free advice. They may even give you a free trial!