Emotet takedown is having an impact


The internationally coordinated takedown of the Emotet botnet is having an effect: G DATA CyberDefense's Emotet tracking is quieter than before. Here is how companies should use the breathing space now.

Since the internationally coordinated takedown, the command-and-control server of Emotet, cybercrime's all-purpose weapon, has been temporarily paralyzed. This is shown by a current analysis by G DATA CyberDefense. The action by law enforcement agencies two weeks ago caused a stir around the world. G DATA has been closely monitoring Emotet for years in order to protect its customers as well as possible.

“The Emotet takedown is a great success against organized crime, as our current figures clearly show. Cybercrime's all-purpose weapon no longer stings,” says Tim Berghoff, Security Evangelist at G DATA CyberDefense.

Most active malware family

Emotet was one of the most active malware families: in the past year, G DATA identified over 800,000 versions of the malware. Since January 27, 2021, however, activity has decreased to almost zero. The samples still being identified come from the sample exchange established in the industry. New infections with Emotet are therefore currently rather unlikely.

Companies should hunt for Emotet

In many companies, however, there are still silent, as yet undiscovered Emotet infections. These remain dangerous because cyber criminals can use them to install other malware such as Trickbot or Qbot. This malware is usually used to encrypt all data in the company network and to release it again only against payment of a ransom.

In particular, companies that have received a warning from the BSI in the past few weeks should take it seriously and carefully check their network. A good starting point is evaluating the firewall logs, with external support if necessary. Endpoint protection with an in-memory scanner should be used to examine the clients themselves. This offers the best chance of detecting existing infections.

Investigate silent infections

“Companies should use the break for intensive Emotet hunting,” advises Tim Berghoff. “Anyone who has a silent infection in the network is still at risk. In the current economic situation in particular, hardly any company can really afford a ransomware attack.”

Emotet was particularly dangerous because the malware spread via deceptively genuine-looking phishing emails. It used the mailbox of already infected victims to reply to existing conversations. In addition, the malware is technically able to read passwords stored in the browser and use this information for further attacks.

More on this in the blog at GData.de

 


About G Data

With comprehensive cyber defense services, the inventor of anti-virus enables companies to defend themselves against cybercrime. Over 500 employees ensure the digital security of companies and users. Made in Germany: With over 30 years of expertise in malware analysis, G DATA conducts research and software development exclusively in Germany. The highest standards of data protection are paramount. In 2011, G DATA issued a “no backdoor” guarantee with the “IT Security Made in Germany” seal of trust from TeleTrusT e.V. G DATA offers a portfolio ranging from anti-virus and endpoint protection to penetration tests and incident response to forensic analyses, security status checks and cyber awareness training to defend companies effectively. New technologies such as DeepRay use artificial intelligence to protect against malware. Service and support are part of the G DATA campus in Bochum. G DATA solutions are available in 90 countries and have received numerous awards.


 
