Computer: Dangerous Emotet malware re-emerged


The Emotet malware appears to be back. Photo: Sebastian Gollnow / dpa

© dpa-infocom GmbH

Emotet has caused great damage to those affected in business and administration. The network was thought to have been shut down. But now there are alarming indications.

Almost a year after a major blow against the extremely dangerous cybercrime network Emotet, security experts have rediscovered the supposedly eradicated malware.

“It smells like Emotet, looks like Emotet, behaves like Emotet – seems to be Emotet,” is the conclusion of a report by the IT security experts at G Data. The Bochum-based company supported the authorities in the shutdown with technical analyses.

In January, Europol announced that the infrastructure of the Emotet system, which is mainly used by organized crime, had been brought under control. Investigators from eight countries were involved in the more than two-year operation under German and Dutch leadership. No further Emotet incidents were reported afterwards.

On Sunday evening, G Data’s systems detected the TrickBot malware at a customer, which in turn downloaded further malware. This was identified as Emotet. Experts from other security companies confirmed G Data’s analyses.

Emotet appeared in 2014 as a so-called Trojan. “The Emotet infrastructure basically worked like a first door opener in computer systems on a global level,” said Europol, describing how it worked.

In Germany, in addition to the computers of tens of thousands of private individuals, many IT systems of companies, authorities and institutions were infected. These included the Fürth Clinic, the Berlin Court of Appeal, the Federal Agency for Real Estate Tasks and also the City of Frankfurt am Main.

A Word document, often disguised as a harmless e-mail attachment or delivered as a link, was used to break into the system. Once the illegal access had been established, it was sold to cybercriminals. These in turn were able to smuggle in their own Trojans, for example to gain access to bank data, to resell stolen data or to extort ransom for blocked data.

The malware was hidden in fake invoices, delivery announcements or alleged information about Covid-19. If the user clicked on the link or opened the attachment, the malware installed itself and spread very quickly.

Rüdiger Trost, an expert at F-Secure, said that the challenges for companies did not change structurally with the renewed appearance of Emotet. “But the level of cybersecurity risk for companies increases if this family of malware re-emerges.”

dpa
