As the BSI reports: After the successful takedown of Emotet in January 2021 by international authorities, the perpetrators are back with a new botnet. Currently harmful .doc (m) and .xls (m) files or password-protected ZIP archives that contain these files are sent with the spam mails.
According to reports from several sources, the distribution of a new variant of the Emotet malware on systems already infected with TrickBot was observed yesterday. This observation marks the beginning of the return of the malware, the old infrastructure of which was successfully destroyed in January 2021 by a coordinated strike by many authorities. Also after
Consistent reports have already confirmed the sending of spam emails to further spread the malware via a new Emotet botnet. Currently harmful .doc (m) and .xls (m) files or password-protected ZIP archives that contain these files are sent with the spam mails.
Emotet brings ransomware in to reinforce it
It can be assumed that instead of file attachments with the spam mails, links will be sent again in the future, which lead to harmful Office files. Emotet was particularly known for email thread hijacking. Not only are the sender addresses of e-mails falsified, but supposed replies to previously spied out e-mails are sent to the communication partners. The known subject lines and quoted e-mail contents of actual previous communication make the spam e-mails appear authentic to the recipients and induce them to open the attached malicious "bait" documents and authorize the execution of active contents. This leads to an increased penetration rate of these attacks.
Emotet spam wave is rolling in
It must be assumed that there will soon be another extensive wave of Emotet spam, as was often observed in 2019 and 2020. Further malware downloaded by Emotet could lead to numerous compromises of networks of authorities and companies, in which the perpetrators subsequently roll out ransomware to encrypt data.
More at BSI.bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.