IT Security


What is Emotet?

Emotet is a computer malware program that was originally developed in 2014 as a banking Trojan. The goal of the malware was to access foreign devices and spy on sensitive private data. Once a device is infected, the malware spreads like a computer worm and attempts to infiltrate other computers on the network. Since 2014, Emotet has spread globally and evolved from a banking Trojan into a dropper. A dropper installs malware onto devices, which then inflicts damage to the system. Emotet continues to be a cybersecurity threat and has been dubbed the “World’s most dangerous malware.”1 The following overview will explain Emotet and how to protect yourself from it:

Targets. Emotet targets private individuals, companies, organizations, and authorities across the world. Emotet has been reported to be the most common malware affecting computer systems in the healthcare industry in the US.

Spread. Emotet is primarily distributed via Outlook harvesting, where the Trojan reads emails from infected users and then creates phishing emails that look remarkably legitimate and personal. These phishing emails are then sent by Emotet to the infected users contacts. Often, the phishing email contains an infected Word document or a malicious link. Once Emotet has access to the network, it can continue to spread and can attempt to use the brute force method to crack passwords to accounts. Emotet has also spread through vulnerabilities that permit malware installation, without human intervention.

Threats. Emotet is complex, dangerous, and expensive to recover from. The virus is polymorphic, with codes that changes slightly every time that it is accessed, which makes it difficult for antivirus programs to recognize. Emotet is highly adaptable and customizable and can leverage current events and current fears to create more compelling phishing emails, increasing the likelihood of users clicking on the infected attachments or malicious links.

To protect yourself from Emotet:

  • Security updates. Ensure that all of your devices and applications receive the latest updates from the manufacturers.
  • Virus protection. Be sure that your virus and malware protection systems are regularly updating and scanning.
  • Backup. Perform frequent backups of your data so that you can recover it quickly in the event of an Emotet incident.
  • Click carefully. Do not download suspicious email or click on links. Do not allow a macro to run on a downloaded file.
  • Strong passwords. Use strong passwords that are complex, long, do not contain words, and do contain a mix of letters, numbers, and special characters. Enable two-factor authentication, if available.
  • Stay informed. Be aware of Emotet news and updates as the malware continues to change and grow.

1 HHS Office of Information Security, 2022, “The Return of Emotet and the Threat to the Health Sector”