Emotet is Having a Rough Year

Emotet is the name of both a ransomware gang and the strain of ransomware the cybercriminals use. While Emotet remains a serious threat, their 2020 has been a rough one. First they got hit with EmoCrash. Emotet eventually recovered and went out for round two, and that’s when things got weird. VIPRE was one of the first security companies to report on an unknown party trolling Emotet, and more details have been uncovered since. Most recently, Emotet made two blunders of their own in the email scams they use to infect people.

EmoCrash

In February of 2020, malware researchers at Binary Defense found a bug in Emotet’s code. Over a two-day period they worked out a way to use that bug to crash Emotet and began distributing the method. It was only a temporary solution, however: after about five months, the Emotet gang was back in action.

Emotehack

This was arguably the most comedic security news of 2020. An unknown individual dubbed “white knight” sabotaged Emotet’s comeback. While it seemed to start as a simple joke, it ended up effectively disrupting Emotet’s operations. Imagine a serial killer in a movie who doesn’t realize their knife is actually a toy that makes a silly squeaking sound. The effect here is similar: the villain seems a little less terrifying.

Double Blunder

Fast forward to now. It’s the end of September and Emotet is back at it again. They need a win, so they launch a mass email scam. It’s quite clever: to bypass security software, they deliver the malware in password-protected archives, which scanners cannot open.

Unfortunately, they blundered this effort all on their own – no vigilantes required. The scam email attempts to convince targets to open an attachment allegedly in Windows Phone 10 format. The blunder is that particular OS reached its end-of-life in January of this year. The scam lost credibility and fewer people were tricked. For example, do you know someone that you trust who would send you a Windows Phone 10 file?

Emotet, to their credit, pivoted and began claiming the attached malware was an Android file instead. The email said that the file needed to be converted with an “Enable Content” click. (Side note: you really should be extra careful about any downloaded file that wants an Enable Content click. It’s always a risk.) While these new emails may have looked more convincing, they made a second blunder by mentioning 2013 and 2014. Dating the email that way made users more likely to see through the scam.
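The two lures described above, seen from the mail gateway’s side: the added Python example below (not VIPRE’s code and not part of the original post) parses a raw message and flags attachments that are password-protected archives or Office documents carrying a VBA project, the kind that prompts for “Enable Content”. The sample message, its addresses and its attachment bytes are constructed here; the “password mentioned in the body” heuristic and the `vbaProject.bin` check are the author’s assumptions about what a gateway rule would look for, not a description of any product.

```python
"""Flag the Emotet lure patterns discussed above in a raw RFC 822 message:
password-protected archive attachments (the password usually sits in the body)
and Office documents that carry a VBA macro project ("Enable Content" lures).
Added example; all names and sample data are constructed."""
from __future__ import annotations

import email
import email.policy
import io
import zipfile
from email.message import EmailMessage


def zip_is_encrypted(data: bytes) -> bool:
    """True if any member sets general-purpose flag bit 0 (traditional or AES
    encryption). Member names stay readable; contents cannot be scanned."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(zi.flag_bits & 0x1 for zi in zf.infolist())
    except zipfile.BadZipFile:
        return False


def office_has_macros(data: bytes) -> bool:
    """OOXML files are ZIP containers; a vbaProject.bin part means the document
    carries VBA code and Office will show the 'Enable Content' bar."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_eml(raw: bytes) -> list[dict]:
    """One finding per attachment: filename, verdict and the reasons behind it."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = (body.get_content() if body else "").lower()
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if zip_is_encrypted(data):
            reasons.append("password-protected archive (content not scannable)")
            if "password" in body_text:  # heuristic: lure hands over the password
                reasons.append("archive password offered in message body")
        elif office_has_macros(data):
            reasons.append("Office document carries a VBA project (Enable Content lure)")
        findings.append({"filename": name,
                         "verdict": "quarantine" if reasons else "clean",
                         "reasons": reasons})
    return findings


def _constructed_zip(members: dict[str, bytes], encrypted: bool = False) -> bytes:
    """Build a small ZIP in memory for the sample. The stdlib cannot write
    encrypted archives, so for the encrypted case we set flag bit 0 in every
    local header (offset 6) and central-directory header (offset 8) by hand;
    that is exactly what a scanner sees on a real password-protected archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            start = 0
            while (i := data.find(sig, start)) != -1:
                data[i + off] |= 0x01
                start = i + 4
    return bytes(data)


def constructed_lure() -> bytes:
    """A constructed message with three attachments: an encrypted archive whose
    password is in the body, a macro-enabled document, and a harmless PDF."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "recipient@example.net"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice. Password: 1234")
    msg.add_attachment(_constructed_zip({"invoice.docm": b"placeholder"}, encrypted=True),
                       maintype="application", subtype="zip", filename="invoice.zip")
    docm = _constructed_zip({"[Content_Types].xml": b"<Types/>",
                             "word/document.xml": b"<w:document/>",
                             "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"})
    msg.add_attachment(docm, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="report.docm")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf",
                       filename="brochure.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_eml(constructed_lure()):
        print(finding)
```

The encrypted-archive check deliberately keys on the archive header flag rather than the file extension, so a renamed `.zip` is caught the same way; the macro check reads the container’s member list, which is cheap and needs no Office parser. Pairing an encrypted archive with a password quoted in the body is the signal worth routing straight to quarantine, since that combination has little legitimate use in inbound mail.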

Long-Term Solutions

Unfortunately, as much as these losses for Emotet may be somewhat comedic, it’s inevitable that they’ll be back with another scheme. You can’t rely on their own errors or some vigilante to foil them forever. Study up on anti-ransomware best practices and make sure that you are running a security solution with advanced active protection. It’s the best defense against Emotet’s next strategy.

The post Emotet is Having a Rough Year appeared first on VIPRE.