The risks of Emotet

Not sure what Emotet is? Fair enough, you’ve already got enough on your plate. That said, it’s important to know that Emotet is a cybersecurity threat that could jeopardize the resilience of your company.

What’s Emotet?

Emotet is a Trojan horse that hides in your email attachments.

What are its characteristics? There are two dangerous elements to this malware:

  1. It uses sophisticated camouflage techniques to be undetectable to common security software, like traditional antivirus software. Not only does it disguise itself, it is what is called polymorphic, meaning it can change its own characteristics when detected to remain in your network.
  2. It is also very adept at spreading itself throughout a network. Only one workstation needs to be infected for this malware to find a path through your network and execute the operations for which it is designed.

A little bit like how HIV works in the human body, your IT network can be infected and completely compromised without you knowing. On average, a company system will be infected for over 300 days before the infection is detected. Emotet has been leaving a worldwide wake of destruction for over five years now, without anyone being able to stop it.

Why should you be worried about this particular computer worm?

The main problem is that by the time it’s detected, it’s usually too late. In most cases, your IT department won’t notice until your systems have been completely encrypted by the ransomware that was delivered by Emotet, likely in combination with a leak (and theft) of your data right before its encryption.

When dealing with an infection, your company faces much bigger issues than you may think. In addition to the loss of critical data, the consequences will also include:

  • Possible interruption of your operations due to IT outages that tend to last weeks, not just days
  • Damage to your organization’s reputation
  • The obligation to disclose your data leak
  • And possible lawsuits…

To put it simply, an infection can quickly turn into a major disaster!

One Canadian insurance company, for example, was reported to have paid hackers a ransom of USD 950,000…

If you believe you are immune, take a look at the following brief list of companies that have publicly announced a computer virus infection and the consequences they have suffered.

These are all Canadian companies that have publicly faced cybersecurity issues: Desjardins, Trevi Swimming Pools, Commission scolaire des Chênes, Bonjour-santé, Ville de Longueuil, the Mékinac RCM, Revenu Québec, Sir William Prince Heritage Centre, Société historique du Saguenay, the CIUSSS du Centre-Sud-de-l’Île-de-Montréal, and so on. This list is far from exhaustive and goes to show that no organization, regardless of size or industry, is really safe.

Read the U.S. Government’s warning to business and government organizations.

How is this possible?

It’s important to know that all of Emotet’s advanced features serve a purpose. The goal of the criminal group behind Emotet is to infect your IT network in order to sell access to the network (and your data) to a third party in the cybercriminal community. They’re highly invested in going undetected by your IT department.

This means that once you’ve been infected with Emotet, the people who designed it earn money by selling your infected system to other criminals who will then exploit this access for their own activities. And this is no small community. Trickbot, Qakbot and Ryuk are often invited to the party:

  • Trickbot is a banking Trojan capable of stealing data from browsers and apps, including your identifying sign-in and auto-complete data.
  • Qakbot, also a banking Trojan, can record keystrokes, web browsing activities, saved cookies and passwords, and by extension commit identity theft.
  • Ryuk is another Trojan horse capable of stealing sensitive data and, more importantly, identifying strategic files in your system. This malware encrypts the system data, including that of all the connected disks. It also deletes all backup files it encounters as it goes, including shadow copies created by Windows.
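
The deletion of Windows shadow copies and backups described for Ryuk above leaves traces in process-creation logs, which makes it something monitoring can catch. The Python code below is an added example, not part of the original article: the command-line patterns are commonly reported recovery-tampering utilities (an assumption, the article names none), and the log lines, host names and users are constructed.

```python
import json
import re

# Command-line patterns for tampering with Windows recovery features.
# Assumption: commonly reported utilities; the article itself names none.
RULES = {
    "vssadmin delete shadows": r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b",
    "vssadmin resize shadowstorage": r"\bvssadmin(\.exe)?\b.*\bresize\s+shadowstorage\b",
    "wmic shadowcopy delete": r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b",
    "wbadmin delete backup": r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|backup|systemstatebackup)\b",
    "bcdedit disable recovery": r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b",
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in RULES.items()}

# Constructed process-creation events (JSON lines); hosts and users are made up.
SAMPLE_EVENTS = r'''
{"ts":"2024-03-02T02:14:07Z","host":"WS-014","user":"SYSTEM","cmd":"C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet"}
{"ts":"2024-03-02T02:14:09Z","host":"WS-014","user":"SYSTEM","cmd":"bcdedit /set {default} recoveryenabled No"}
{"ts":"2024-03-02T09:30:00Z","host":"SRV-BKP","user":"backupsvc","cmd":"wbadmin start backup -backupTarget:E: -include:C: -quiet"}
{"ts":"2024-03-02T10:05:41Z","host":"WS-022","user":"j.admin","cmd":"vssadmin list shadows"}
{"ts":"2024-03-02T11:47:12Z","host":"FS-01","user":"SYSTEM","cmd":"cmd.exe /c wmic shadowcopy delete"}
'''

def detect(lines):
    """Return one alert dict per event whose command line matches a rule."""
    alerts = []
    for line in lines.strip().splitlines():
        event = json.loads(line)
        for name, rx in COMPILED.items():
            if rx.search(event["cmd"]):
                alerts.append({"ts": event["ts"], "host": event["host"], "rule": name})
    return alerts

def hosts_by_rule_count(alerts):
    """Map host -> number of distinct rules hit; more than one suggests staged tampering."""
    seen = {}
    for a in alerts:
        seen.setdefault(a["host"], set()).add(a["rule"])
    return {host: len(rules) for host, rules in seen.items()}

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(a["ts"], a["host"], a["rule"])
    print(hosts_by_rule_count(found))
```

The routine backup job and the read-only `vssadmin list shadows` query are not flagged; only commands that delete or disable recovery data raise an alert.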

What can I do as a business leader?

Emotet isn’t the only reason to be concerned for the cybersecurity of your systems. Much like in the healthcare industry, there are many threats but never enough time to personally attend to them all.

So how can you make sure your organization has total control over its data?

The answer is complex in its details but easy to manage:

  1. Ensure that cybersecurity is made the official responsibility of an executive.
  2. Ensure that this person has the necessary internal and external resources for their role.
  3. Make sure that you have very good backup files and monitoring mechanisms.
  4. Like they always say, prevention is better than cure. This is why it’s crucial to have a plan for managing cyberincidents.
  5. Include the expertise you need when creating this plan by working with experts in law, insurance, cybersecurity and PR.

Forensik can help you implement this management plan through our ReaKtion service.

How can our ReaKtion service help you?

ReaKtion is our cyberattack response service that helps prepare your organization for the worst, while giving you flexibility in your investments.

Subscription to this service comes with multiple advantages:

  1. You’ll be prepared for cyberattacks, saving you significant time if one occurs.
  2. Our specialists are available 24/7.
  3. Our incident management team prioritizes your request for assistance over those of clients without a subscription.
  4. Our experts employ cutting-edge equipment and software to minimize the impacts.
  5. You can put your annual balance toward prevention.

To learn more, contact us!