Nicole Zheng

Emotet malware protection for remote workers

Emotet malware attacks have been around since early 2013 and have recently spiked, so much so that the Department of Homeland Security's cybersecurity division (CISA) released an alert about this sophisticated Trojan. Emotet can result in extensive business disruption and financial loss.

Just this week, Microsoft published a case report in which an Emotet attack shut down an entire business network; the business (undisclosed) paid Microsoft $185,000 in emergency response fees to contain the infection and is expected to pay an additional $800,000 in recovery costs.

Emotet is on the radar for banks and financial institutions, which are at high risk and often the targets. As many of these institutions are now forced to work remotely due to COVID-19, Minim has just released Emotet malware protection for Minim for Remote Workers.

Minim feature spotlight: Emotet malware protection

What is Emotet malware?

First discovered in 2013, Emotet malware is a banking Trojan that steals user credentials and data, delivered through phishing attempts and spam.

The main targets of these Emotet malware attacks are organizations in the financial services industry, and specifically their employees, since the attacks are carried out via malicious email. Furthermore, these organizations' remote employees are at extremely high risk because they lack the corporate firewalls and malware scanning systems of the office network.

What happens when an Emotet malware attack is launched?

When an Emotet malware attack is successfully launched via a malicious email, the impact on an organization is severe. Essentially, the malware works to proliferate quickly within the network from this single attack vector:

"Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation." [CISA]

To further demonstrate the impact, Microsoft's case report details how the Microsoft Detection and Response Team (DART) helped an organization that had been infected with Emotet malware. As shown in the diagram from the case report below, the organization's entire network was impacted and brought down by Day 8 of the attack:

Emotet malware attack process via Microsoft DART Case Report

Screenshot taken April 10, 2020 from Microsoft DART Case Report.

"By day eight, the organization's IT operations had shut down. Computers froze as their CPUs maxed out. The virus threatened all of its systems, including a network of 185 surveillance cameras. Its finance department couldn't complete external transactions; partner organizations couldn't access Fabrikam databases. The IT department, which couldn't tell whether they were facing an external attack or internal virus, scrambled to investigate but couldn't access network accounts: a distributed denial-of-service (DDoS) attack had flooded the network with traffic." [DarkReading]

Emotet was able to spread so quickly throughout the organization by leveraging the first infected device to target other machines on the network. This method succeeded because internal traffic between devices was not subject to malware scans, and messages from internal colleagues were assumed by other employees to be trustworthy.

How can Emotet malware be detected?

Since Emotet is polymorphic and can update itself with new definitions, easily bypassing signature-based antivirus software, having network visibility is key to Emotet malware detection and protection.

The Microsoft DART Case Report states that network visibility tools were something the impacted organization lacked.
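The CISA advisory quoted above describes Emotet spreading by brute forcing user credentials and then writing to shared drives. As an added illustration (not Minim's code or detection logic), the following script shows the kind of network-visibility check a defender can run over authentication and file-share events: it flags an internal host that fails logins against many distinct accounts within a short window and then writes to a share. The log format and sample lines are constructed for this example.

```python
"""Flag the lateral-movement chain the CISA advisory attributes to Emotet:
one internal host brute-forcing many accounts, then writing to a shared drive.
Log format and sample lines are constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth/SMB event lines: "<ISO time> <src_host> <event> <account|share>"
SAMPLE_LOG = """\
2020-04-10T09:00:01 pc-17 LOGIN_FAIL alice
2020-04-10T09:00:02 pc-17 LOGIN_FAIL bob
2020-04-10T09:00:02 pc-17 LOGIN_FAIL carol
2020-04-10T09:00:03 pc-17 LOGIN_FAIL dave
2020-04-10T09:00:04 pc-17 LOGIN_FAIL erin
2020-04-10T09:00:05 pc-17 LOGIN_FAIL frank
2020-04-10T09:00:06 pc-17 LOGIN_OK frank
2020-04-10T09:00:09 pc-17 SHARE_WRITE //fileserver/finance
2020-04-10T09:30:00 pc-42 LOGIN_FAIL alice
2020-04-10T09:30:05 pc-42 LOGIN_OK alice
2020-04-10T09:31:00 pc-42 SHARE_WRITE //fileserver/finance
"""

FAIL_THRESHOLD = 5             # distinct accounts failing from one host...
WINDOW = timedelta(minutes=5)  # ...within this window looks like credential brute forcing

def parse(log_text):
    """Turn each line into (timestamp, source host, event, target)."""
    events = []
    for line in log_text.splitlines():
        ts, host, event, target = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), host, event, target))
    return events

def find_suspicious_hosts(log_text):
    """Return {host: {"accounts_tried": set, "share_writes": list}} for hosts
    that cross the brute-force threshold; later share writes are attached."""
    recent = defaultdict(list)  # host -> [(time, account)] failures still in the window
    flagged = {}
    for ts, host, event, target in parse(log_text):
        if event == "LOGIN_FAIL":
            recent[host] = [(t, a) for t, a in recent[host] if ts - t <= WINDOW]
            recent[host].append((ts, target))
            distinct = {a for _, a in recent[host]}
            if len(distinct) >= FAIL_THRESHOLD:
                entry = flagged.setdefault(host, {"accounts_tried": set(), "share_writes": []})
                entry["accounts_tried"] |= distinct
        elif event == "SHARE_WRITE" and host in flagged:
            flagged[host]["share_writes"].append(target)
    return flagged

if __name__ == "__main__":
    for host, info in find_suspicious_hosts(SAMPLE_LOG).items():
        print(host, sorted(info["accounts_tried"]), info["share_writes"])
```

A normal user who mistypes one password (pc-42) stays below the threshold, while the spraying host (pc-17) is reported together with the share it wrote to afterwards.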

Minim has added Emotet malware protection to Minim for Remote Workers, a solution that extends the corporate network edge into employee homes for improved remote work quality, security, and support.

Emotet malware detection on the Minim platform

When the Emotet threat is detected on the Minim platform, the alert appears in the Remote Assistant mobile app for the employee (above) and the Minim Edge Extend web app for business IT personnel.

This flags the issue on a single employee device, giving IT the chance to swiftly contain the infection before it spreads throughout the organization. IT can also enable a chosen level of Emotet malware blocking, after which the Minim platform applies that protection automatically.

(Last updated on May 11, 2020)
