The week before Christmas, Frankfurt saw the unwelcome return of Emotet, a banking trojan that recently came out of hiding to terrorise organisations across the globe.
The malware spread through the city’s systems, forcing officials to shut down its IT network, causing huge delays to government services.
This is the fourth time in recent weeks that Emotet has struck in Germany, following attacks on the Justus Liebig University, Bad Homburg and the Catholic University in Freiburg.
What is Emotet?
Emotet is a type of malware designed to steal users’ login details, card details, and financial and banking information. It’s been called “among the most costly and destructive [forms of] malware”, as it can strike in countless ways.
Victims might be hit with ransomware, have their passwords or intellectual property stolen, or be used as conduits to other organisations.
Security researchers spotted a surge in Emotet attacks earlier this year, but after the botnet’s command and control servers were shut down in May, many thought it signalled the end of – or at least a significant respite from – the malware.
However, a new wave of attacks began on 16 September 2019, sparking fresh concerns for people’s security.
What should infected organisations do?
Organisations must work quickly following an attack to mitigate the damage. It’s possible that the malware hasn’t spread beyond the initial infected computer, in which case the organisation can simply disconnect it from the network and remove the malware.
However, most won’t be that lucky. If the infection has spread, you should, if possible, shut down the whole network, as Frankfurt and the other recent victims of Emotet have been forced to do.
From there, you should remove the malware, harden the components and restore the network to operation.
You can find out how to do that by reading Fighting the Emotet Trojan. This free green paper explains:
- How Emotet spreads, and what makes the malware so disruptive;
- The practical steps you can take to protect yourself from Emotet; and
- How to remove Emotet from your network in the event of an infection.