The Emotet malware has been circulating in our area recently, with devastating results. DSA has quickly developed a series of best practices on how to combat this Trojan and avoid its risks.
According to the US Computer Emergency Readiness Team (US-CERT), this modular banking Trojan primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.
With five known spreader modules, and artifacts typically found to mimic the names of known executables, this malware is difficult to detect and incredibly costly to remediate. Its worm-like features result in rapidly spreading network-wide infections, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.
DSA works closely with local governments as well as US-CERT to help businesses and government agencies remain safe in the face of dangers like these. Due to the sophisticated methods used by this new Trojan, it is critical that companies understand that long-standing best practices for how Active Directory users are managed must be updated. It is only through a revamp of how your AD accounts for Backup/DR/Retention and other critical systems are handled that businesses can protect themselves from these kinds of attacks.
Be aware that these attacks can compromise your environment from non-traditional attack surfaces like business phone systems, embedded OS devices, and other typically “secure” systems. The implications are unsettling, to say the least.
Concerned about the risk Emotet poses to your networks? Contact DSA for an assessment, or chat with our IT consultants today.