
Emotet attacks have been on the rise, leading to more machines getting compromised. This has prompted cybercriminals to launch more malware infections and ransomware campaigns on compromised devices.

The HP-Bromium Threat Insights Report released in October shows a 1200% increase in Emotet attacks from July to September compared to the three months before, when deployment of the malware declined.

Emotet appeared back in 2018 and has seen surges in activity that ebb and flow. Sometimes people think it is gone, only for it to reemerge. The trend should probably continue into next year.

Ingenious methods

Emotet usually compromises machines through phishing emails, and those who deploy it use thread hijacking to make the emails look more legitimate. People are more likely to download an attached file if it appears to come from someone they know.

The attacks and malicious attachments are customized to fit the victim’s location, making it more likely that victims open what they receive. Essentially, the emails will most likely be in the national language of the country you are in.

Emotet was born as a banking trojan. However, it now simply compromises as many machines as possible, creating backdoors in networks that are then sold to other malware operators.

Emotet is the breach unit

Emotet operators have nefarious but straightforward objectives. Targeting enterprises is on-brand for them. The operators want to access systems, compromise them, and then sell access to other ransomware operators.

On the underground or dark web, access to organizations that have been breached is often put on display.

The ransomware actors then look at these enterprises’ size and revenue to know what to ask for.