Impact:<\/strong><\/p>\nAccording to US-CERT alert released on July 20, 2018, “Emotet continues to be amongst the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.”<\/p>\n
At Quick-Heal labs, we have seen many of our customers are badly affected because of spamming done by emotet. As malware sends many phishing mails to user\u2019s contacts, mail server reaches its maximum limits and blocks user\u2019s account for the day. As a result, most of the employees of such infected organization cannot send mails. Such blockages lead to disruption to regular operations or work and further potential harm to an organization\u2019s reputation. Finally, after a week or two we were able to totally clean total network.<\/p>\n
Ryuk ransomware infection may cause temporary or permanent loss of user\u2019s critical data.<\/p>\n
What Quick-Heal’s Telemetry says:<\/p>\n
![\"\"](\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2019\/05\/Per-day-hit-300x186.png\")
<\/p>\n
As you can see, number of hits per day are very high from July 2018 till April 19. It indicates how widespread it is. But same is not the case with actual numbers of customer escalations. At quick-heal Labs, even after detecting thousands of samples per day, we received many customer escalations in initial months after outbreak. Further, we added some rules, IOC’s, signatures at each level of Product features namely at Virus Protection, Behavior Detection, Email Protection, Memory scan, IDS & IPS, Machine learning based, Browsing protection. This directly affected in Zero customer escalations for Emotet from last few months with already infected customers also totally cleaned. As stats are indicating that we are detecting thousands of Emotet samples per day in last few months and still NO customer escalation\/issue reported.<\/p>\n
How can I remove Emotet?<\/strong><\/p>\nIf your machine is in network of any organization, then firstly isolate it immediately. Patch with latest updates of installed software’s and clean the system.<\/p>\n
As Emotet can move laterally in network, your machine can be infected again when you reconnect to network. Identify and clean each infected machine in same network. It\u2019s really complex process to follow. One can always choose Quick-heal Antivirus \/ Seqrite Endpoint Security to avoid this complex process and stay safe with cleaning of already infected machines and proactively blocking against future Emotet infections.<\/p>\n
Preventive measures<\/strong><\/p>\n\n- Keep your computer up-to-date with the latest updates of Operating system, Security software and other software.<\/li>\n
- Don\u2019t open any link in the mail received from an unknown\/untrusted source.<\/li>\n
- Don\u2019t download attachments received by an unknown\/untrusted source.<\/li>\n
- Don\u2019t enable \u2018macros\u2019 for Microsoft\u2019s office documents.<\/li>\n
- Educate yourself and others for keeping strong passwords.<\/li>\n
- Use two-factor authentication where-ever possible.<\/li>\n<\/ol>\n
Conclusion:<\/strong><\/p>\nStats indicate that we are detecting thousands of Emotet samples per day in last few months and still NO customer escalation\/issue has been reported. With this we can say that Quick Heal is able to stop Emotet till today’s date. As its always cat and mouse game between malware and security vendors, we expect evolution of Emotet to next step. We will be continuously monitoring Emotet for future also and will ensure all customers are secured from such malwares.<\/p>\n
To read more about the detailed analysis of the Emotet, <\/strong>download<\/strong><\/a> this PDF.<\/strong><\/p>\nContent Courtesy:<\/p>\n
Bajrang Mane, Security Labs<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Emotet malware was first identified in 2014 as Banking trojan. Emotet has evolved from banking trojan to threat distributor till now. It has hit many organizations very badly in 2018 with its functionalities like spamming and spreading. Further with its widespread rich\/existence at many organizations, it became threat distributor. Since mid of 2018, Emotet is […]<\/p>\n","protected":false},"author":53,"featured_media":87701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1611,1395],"tags":[],"class_list":["post-87705","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-banking-trojan","category-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/87705"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=87705"}],"version-history":[{"count":2,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/87705\/revisions"}],"predecessor-version":[{"id":87707,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/87705\/revisions\/87707"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media\/87701"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=87705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=87705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=87705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2019\/05\/shipment-details-300x189.png\")
<\/p>\n