{"id":4781,"date":"2020-08-11T13:13:30","date_gmt":"2020-08-11T11:13:30","guid":{"rendered":"https:\/\/www.retarus.com\/blog\/en\/emotet-returns-to-cause-even-greater-harm"},"modified":"2024-05-07T13:17:14","modified_gmt":"2024-05-07T11:17:14","slug":"emotet-returns-to-cause-even-greater-harm","status":"publish","type":"post","link":"https:\/\/www.retarus.com\/blog\/en\/emotet-returns-to-cause-even-greater-harm\/","title":{"rendered":"Emotet returns to cause even greater harm"},"content":{"rendered":"\n<p>After a break in transmission of roughly half a year, the devious trojan known as Emotet is now active again and flooding the inboxes of companies and authorities with deceptively genuine looking emails which are also highly dangerous.<\/p>\n\n\n\n<p>Since the end of July, the experts at the Retarus Threat Intelligence unit have been registering an almost constant barrage of Emotet attacks. The treacherous thing about Emotet emails is that they at first glance appear to have been sent by a real colleague, make reference to previous email conversations, and recently even started adding <a href=\"https:\/\/www.bsi-fuer-buerger.de\/SharedDocs\/Newsletter\/DE\/BSIFB\/BuergerCERT-Newsletter\/16_Sicher-Informiert_06-08-2020.html?nn=6775642#doc14538234bodyText4\">documents from earlier conversations<\/a> as attachments. Creating this illusion of familiarity lowers the threshold for the recipient to click on the link included in the text \u2013 with disastrous consequences.<\/p>\n\n\n\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Emotet\">Emotet<\/a> mostly uses MS Word documents contaminated with macro viruses to infect IT systems. The creators of the malware, and those looking to profit from it, store the malware on a <a href=\"https:\/\/paste.cryptolaemus.com\/\">constantly alternating<\/a> series of unsuspicious looking servers. When someone has been fooled into opening one of these files and activating the macros it contains, the malware reads the address book and emails from Microsoft Outlook (also known as \u201cOutlook harvesting\u201d) and uses the information to generate more malicious emails to recipients in the network under attack. Emotet is moreover able to download further malware, for instance to snatch login credentials or gain remote access. The general aim of the malware is to paralyze the company\u2019s entire IT network and\/or to blackmail the victim to make ransom payments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-can-you-protect-yourself-from-emotet\">How can you protect yourself from Emotet?<\/h2>\n\n\n\n<p>There is no safeguard that can provide you with 100% protection from Emotet, in no small part because the polymorphous malware, first discovered in 2014, keeps changing and evolving due to constant development. A powerful email security service combined with the appropriate sensitization of users, however, goes a long way towards repelling the malware in many cases, and in case infection occurs, contain it and limit the impact.<\/p>\n\n\n\n<p>It is worth noting that Retarus\u2019 portfolio of services includes the groundbreaking post-delivery protection service <a href=\"https:\/\/www.retarus.com\/services\/email-security\/tech-specs\/#patient-zero-detection\">Patient Zero Detection<\/a>\u00ae, which has been patented in all relevant markets. This service makes it possible to detect malware and harmful hyperlinks in emails which have already been delivered as soon as the corresponding patterns have become available for one of the four scanners deployed in Retarus\u2019 AntiVirus MultiScan, allowing the service to alert recipients as well as administrators about the danger.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2020\/08\/PZD-Real-Time-Response_Rules-1024x678.png\" alt=\"\" class=\"wp-image-4783\"\/><\/figure>\n\n\n\n<p><a href=\"https:\/\/www.retarus.com\/services\/email-security\/tech-specs\/#pzd-real-time-response\">PZD Real-Time Response<\/a> goes a step further. With this software for exchange environments, the malware discovered by the Patient Zero Detection\u00ae service can be processed according to a set of rules, meaning that potentially dangerous emails can be identified in a user\u2019s inbox and then automatically moved to another location or deleted. Should a system become infected with Emotet, both of these tools could simplify mitigation and forensics tremendously.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-infected-computers-need-to-be-disconnected-from-the-network-without-delay\">Infected computers need to be disconnected from the network without delay<\/h2>\n\n\n\n<p>It\u2019s essential that computers infected with Emotet be disconnected from the company network and the internet as quickly as possible, both to prevent the infected mail clients from spreading the malware within the company network and downloading further harmful payload from the web. The malware itself is programmed and installed so deviously, concealing itself so deeply within the system that you are best advised to wipe the affected computers clean and set them up again from scratch with a new standard image.<\/p>\n\n\n\n<p>To ensure that our users are spared this ordeal, we would like to strongly recommend our <a href=\"https:\/\/www.retarus.com\/services\/email-security\/#anti-phishing-guide\">free Anti-Phishing Guide<\/a>, which contains a wide range of useful tips for handling emails wisely. You are welcome to download our little booklet <a href=\"\/wp-content\/uploads\/2020\/04\/retarus-anti-phishing-guide_en-de-fr-es-it.zip\">in five languages<\/a> and distribute it amongst your employees.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2020\/04\/Blogartikel-Header-EN.jpg\" alt=\"Anti-Phishing Guide Visual Blog EN\" class=\"wp-image-4503\"\/><\/figure>\n\n\n\n<p>More information on <a href=\"https:\/\/www.retarus.com\/services\/email-security\/\">Retarus\u2019 Secure Email Platform<\/a> including <a href=\"https:\/\/www.retarus.com\/services\/email-security\/tech-specs\/\">Patient Zero Detection\u00ae and PZD Real-Time Response<\/a> is available on our website or directly from your <a href=\"https:\/\/www.retarus.com\/contact\/\">local Retarus representative<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The devious trojan known as Emotet is now active again and flooding the inboxes of companies and authorities with deceptively genuine looking emails which are also highly dangerous. Our Patient Zero Detection will even detect it in emails which have already been delivered.<\/p>\n","protected":false},"author":14,"featured_media":10240,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","_s2mail":"yes","footnotes":""},"categories":[8,15],"tags":[3618,354],"dipi_cpt_category":[],"class_list":["post-4781","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security","tag-emotet","tag-patient-zero-detection"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.7 (Yoast SEO v24.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?<\/title>\n<meta name=\"description\" content=\"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?\" \/>\n<meta property=\"og:description\" content=\"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/\" \/>\n<meta property=\"og:site_name\" content=\"Retarus Corporate Blog - EN\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-11T11:13:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-07T11:17:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Thomas Cloer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?\" \/>\n<meta name=\"twitter:description\" content=\"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Thomas Cloer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/\",\"name\":\"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?\",\"isPartOf\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg\",\"datePublished\":\"2020-08-11T11:13:30+00:00\",\"dateModified\":\"2024-05-07T11:17:14+00:00\",\"author\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\"},\"description\":\"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#primaryimage\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg\",\"contentUrl\":\"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"APT Hacker Emotet\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.retarus.com\/blog\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Emotet returns to cause even greater harm\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#website\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/\",\"name\":\"Retarus Corporate Blog - EN\",\"description\":\"Always up to date\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5\",\"name\":\"Thomas Cloer\",\"url\":\"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?","description":"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/","og_locale":"en_US","og_type":"article","og_title":"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?","og_description":"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.","og_url":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/","og_site_name":"Retarus Corporate Blog - EN","article_published_time":"2020-08-11T11:13:30+00:00","article_modified_time":"2024-05-07T11:17:14+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg","type":"image\/jpeg"}],"author":"Thomas Cloer","twitter_card":"summary_large_image","twitter_title":"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?","twitter_description":"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.","twitter_misc":{"Written by":"Thomas Cloer","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/","url":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/","name":"Emotet Phishing E-Mails: Wie kann man sich sch\u00fctzen?","isPartOf":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#primaryimage"},"image":{"@id":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#primaryimage"},"thumbnailUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg","datePublished":"2020-08-11T11:13:30+00:00","dateModified":"2024-05-07T11:17:14+00:00","author":{"@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5"},"description":"Der Trojaner Emotet flutet die Postf\u00e4cher von Unternehmen und Beh\u00f6rden mit t\u00e4uschend echten Phishing Mails. Kostenloser Anti Phishing Guide.","breadcrumb":{"@id":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#primaryimage","url":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg","contentUrl":"https:\/\/www.retarus.com\/blog\/en\/wp-content\/uploads\/sites\/22\/2024\/05\/shutterstock_680078878.jpg","width":1920,"height":1080,"caption":"APT Hacker Emotet"},{"@type":"BreadcrumbList","@id":"https:\/\/www.retarus.com\/blog\/en\/emotet-treibt-wieder-verstaerkt-sein-unwesen\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.retarus.com\/blog\/en\/"},{"@type":"ListItem","position":2,"name":"Emotet returns to cause even greater harm"}]},{"@type":"WebSite","@id":"https:\/\/www.retarus.com\/blog\/en\/#website","url":"https:\/\/www.retarus.com\/blog\/en\/","name":"Retarus Corporate Blog - EN","description":"Always up to date","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.retarus.com\/blog\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.retarus.com\/blog\/en\/#\/schema\/person\/7f8954d8bf84d75cf384942c5f6cf2e5","name":"Thomas Cloer","url":"https:\/\/www.retarus.com\/blog\/en\/author\/thomasc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/4781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/comments?post=4781"}],"version-history":[{"count":8,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/4781\/revisions"}],"predecessor-version":[{"id":10516,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/posts\/4781\/revisions\/10516"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media\/10240"}],"wp:attachment":[{"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/media?parent=4781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/categories?post=4781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/tags?post=4781"},{"taxonomy":"dipi_cpt_category","embeddable":true,"href":"https:\/\/www.retarus.com\/blog\/en\/wp-json\/wp\/v2\/dipi_cpt_category?post=4781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}