Emotet Malware: Definition, Damage, Defense & Prevention
What was the world's most dangerous piece of malware? Ask security experts, and many would start with Emotet.
Emotet first appeared in 2014 as a banking trojan built to steal online-banking credentials. Over time its operators added modules and turned it into a general-purpose loader, and the result was a botnet capable of theft and onward infection on a very large scale.
Its operators also rented out access to infected machines, installing other groups' malware (TrickBot and Qakbot among them) for a fee. Emotet spread rapidly and was hard to detect.
We're talking about Emotet in the past tense because an international law enforcement operation, coordinated by Europol and Eurojust, took down its infrastructure in January 2021.
But don't relax just yet.
Emotet went through many iterations, and its techniques are well documented. Its operators, or imitators, can rebuild the same playbook at any time. It's wise to know what to watch for and plan your defenses accordingly.
The history of Emotet
In 2020, the Cybersecurity and Infrastructure Security Agency (CISA) called Emotet one of the most costly and destructive forms of malware affecting state, local, tribal and territorial governments. By then it had been in circulation since 2014. Government agencies were frequent targets, and CISA put the cleanup cost of a single incident at up to $1 million.
In its early versions, Emotet stole banking information. Later versions allowed it to:
- Deliver anything. Emotet became a "loader," a malware-as-a-service platform whose operators would drop almost any payload a paying customer supplied.
- Spread quickly. Emotet harvested contacts and existing email threads from infected mailboxes and replied to them with infected attachments, so lures arrived from a known correspondent. A spreader module also brute-forced network shares and accounts with a built-in password list, letting it move laterally and take over whole networks.
- Evade detection. Emotet fingerprinted the host it ran on, checked for sandboxes and virtual machines before doing anything incriminating, and was repacked so often that signature-based antivirus routinely missed it.
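The brute-force spreading described above leaves a characteristic trace in Windows Security logs: a burst of failed network logons (Event ID 4625, logon type 3) from one host against many different accounts, sometimes followed by a success (Event ID 4624) for one of them. The following is an added example, not code from the article or from any Emotet analysis: a small Python detector that runs over constructed log lines in an assumed key=value layout and flags any source host that fails against at least five distinct accounts within a minute, listing which of those accounts later logged on successfully from the same host.

```python
"""Detect Emotet-style SMB password spraying in failed-logon records.

Added example, not from the article. The log lines below are constructed, and
their key=value layout is an assumption; adapt parse_line() to your SIEM export.
Event ID 4625 = failed logon, 4624 = successful logon, LogonType 3 = network
(what an SMB connection produces).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one host spraying six accounts, one user mistyping a
# password twice, and one host with only two failures (below threshold).
SAMPLE_LOG = """\
2021-01-12T09:00:01 EventID=4625 Src=10.0.5.23 Account=jsmith LogonType=3
2021-01-12T09:00:02 EventID=4625 Src=10.0.5.23 Account=mlee LogonType=3
2021-01-12T09:00:02 EventID=4625 Src=10.0.5.23 Account=administrator LogonType=3
2021-01-12T09:00:03 EventID=4625 Src=10.0.5.23 Account=svc_backup LogonType=3
2021-01-12T09:00:03 EventID=4625 Src=10.0.5.23 Account=finance LogonType=3
2021-01-12T09:00:04 EventID=4625 Src=10.0.5.23 Account=helpdesk LogonType=3
2021-01-12T09:00:09 EventID=4624 Src=10.0.5.23 Account=svc_backup LogonType=3
2021-01-12T09:01:30 EventID=4625 Src=10.0.7.9 Account=pwong LogonType=2
2021-01-12T09:01:41 EventID=4625 Src=10.0.7.9 Account=pwong LogonType=2
2021-01-12T09:01:55 EventID=4624 Src=10.0.7.9 Account=pwong LogonType=2
2021-01-12T09:05:00 EventID=4625 Src=10.0.8.1 Account=alice LogonType=3
2021-01-12T09:05:01 EventID=4625 Src=10.0.8.1 Account=bob LogonType=3
"""


def parse_line(line: str) -> dict:
    """Turn '<iso timestamp> key=value ...' into a dict with a datetime under 'ts'."""
    ts_str, *fields = line.split()
    rec = dict(field.split("=", 1) for field in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def detect_spray(lines, window=timedelta(seconds=60), min_accounts=5):
    """Return one alert per source host that fails logons against at least
    min_accounts distinct accounts inside a sliding time window."""
    events = sorted((parse_line(line) for line in lines if line.strip()),
                    key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for event in events:
        by_src[event["Src"]].append(event)

    alerts = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["EventID"] == "4625"]
        start = 0
        for end, fail in enumerate(failures):
            # Advance the window start until the window spans at most `window`.
            while fail["ts"] - failures[start]["ts"] > window:
                start += 1
            if len({e["Account"] for e in failures[start:end + 1]}) < min_accounts:
                continue
            window_start = failures[start]["ts"]
            sprayed = {e["Account"] for e in failures
                       if window_start <= e["ts"] <= window_start + window}
            # A success for a sprayed account from the same host after the spray
            # began is the strongest sign the attacker got in.
            compromised = sorted({e["Account"] for e in evs
                                  if e["EventID"] == "4624" and e["ts"] >= window_start
                                  and e["Account"] in sprayed})
            alerts.append({"src": src,
                           "window_start": window_start.isoformat(),
                           "distinct_accounts": len(sprayed),
                           "successful_after_spray": compromised})
            break  # one alert per host; a SIEM rule would deduplicate the same way
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(SAMPLE_LOG.splitlines()):
        print(alert)
```

The threshold and window are tuning knobs: a helpdesk host that legitimately tests many accounts will trip the rule, so in practice you would allow-list known scanners and weight the alert higher when the source is a workstation rather than a server. Keying on distinct accounts rather than raw failure counts is what separates spraying from a single user's mistyped password, as the 10.0.7.9 lines show.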
Emotet was run for profit by a professional crew that administered several hundred servers around the world. In January 2021, in an operation coordinated by Europol and Eurojust, authorities from the Netherlands, Germany, the United Kingdom, France, Lithuania, Canada, Ukraine and the United States moved against it.
In one coordinated week, investigators took control of the servers at the core of the botnet. In effect, officials disrupted Emotet at the source, and arrests were made in Ukraine.
Without its command-and-control servers the botnet could no longer receive commands or deliver payloads, and on 25 April 2021 an update pushed through the seized infrastructure uninstalled Emotet from infected machines.
How did Emotet malware work?
In January 2021, right before officials took the servers down, Emotet accounted for about 7 percent of malware infections observed globally. Anyone with a mailbox was a potential target, and most users will have received an Emotet lure at some point.
Emotet spread primarily through email, with lures such as:
- Shipping. A message announced a package on its way and told the recipient to open the attachment for details.
- Bills. An email claimed the recipient owed a company money and needed to open the attached invoice.
- Work. Emails that appeared to come from colleagues, often as replies within a genuine earlier thread, carried attachments posing as meeting notes or invitations.
Almost any pretext for opening an attachment served as a lure. The attachment was typically a Word document (later also Excel spreadsheets, or a link to download one) whose only visible content was a banner telling the victim to click "Enable Editing" and "Enable Content" to see the document, which is to say, to enable macros.
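Mail-gateway triage of the "enable macros" lure, as an added example that is not from the article: the script builds a constructed message with four attachments (two minimal Office documents generated in memory, a fake legacy .doc and a PDF) and reports which of them could carry VBA macros. The heuristics it applies (a macro-enabled extension, a vbaProject.bin part or a macroEnabled content type inside the OOXML zip, the OLE compound-file magic of legacy .doc files, and a double extension such as invoice.pdf.doc) are chosen for this example rather than taken from any particular Emotet sample, and it uses only the Python standard library.

```python
"""Triage e-mail attachments for macro-bearing Office documents.

Added example, not from the article or any Emotet sample. Everything below is
built in memory (a constructed message and constructed documents) so it runs
offline with the Python standard library only.
"""
import io
import zipfile
from email.message import EmailMessage

# Compound File Binary (OLE2) header: legacy .doc/.xls/.ppt, which can embed VBA.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm"}
# Extensions attackers hide behind in double-extension names (assumed list).
DISGUISE_EXTENSIONS = {"pdf", "jpg", "png", "txt"}


def build_docm(with_macros: bool) -> bytes:
    """Construct a minimal OOXML document in memory (test input, not real malware)."""
    macro_ct = "application/vnd.ms-word.document.macroEnabled.main+xml"
    plain_ct = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>'
                   % (macro_ct if with_macros else plain_ct))
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # stands in for the VBA storage
    return buf.getvalue()


def analyze_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment deserves a closer look (empty = nothing found)."""
    reasons = []
    name = filename.lower()
    parts = name.split(".")
    suffix = "." + parts[-1] if len(parts) > 1 else ""
    if suffix in MACRO_EXTENSIONS:
        reasons.append("macro-enabled extension " + suffix)
    if len(parts) > 2 and parts[-2] in DISGUISE_EXTENSIONS:
        reasons.append("double extension disguised as ." + parts[-2])
    if data.startswith(OLE_MAGIC):
        reasons.append("legacy OLE container (may carry VBA macros)")
    if data.startswith(b"PK"):  # OOXML documents are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
                if any(n.lower().endswith("vbaproject.bin") for n in names):
                    reasons.append("contains vbaProject.bin (VBA macros present)")
                if "[Content_Types].xml" in names and b"macroEnabled" in z.read("[Content_Types].xml"):
                    reasons.append("declares a macroEnabled content type")
        except zipfile.BadZipFile:
            reasons.append("claims Office/zip format but is not a valid zip")
    return reasons


def triage_message(msg: EmailMessage) -> dict:
    """Map each attachment's filename to its findings."""
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        findings[fname] = analyze_attachment(fname, part.get_payload(decode=True))
    return findings


def build_sample_message() -> EmailMessage:
    """Constructed message imitating the 'overdue invoice' lure; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Invoice 4471 overdue"
    msg.set_content("Please open the attached invoice and click Enable Content to view it.")
    msg.add_attachment(build_docm(True), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="Invoice_4471.docm")
    msg.add_attachment(build_docm(False), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="Agenda.docx")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 504, maintype="application", subtype="msword",
                       filename="Invoice.pdf.doc")
    msg.add_attachment(b"%PDF-1.4\n%constructed\n", maintype="application", subtype="pdf",
                       filename="receipt.pdf")
    return msg


if __name__ == "__main__":
    for fname, reasons in triage_message(build_sample_message()).items():
        print(fname, "->", reasons or ["nothing flagged by these checks"])
```

Two caveats for anyone adapting this. First, the VBA source inside a real vbaProject.bin is stored compressed (the MS-OVBA format), so grepping that part for strings like AutoOpen or powershell is unreliable; to actually read the macro, hand the file to a dedicated extractor such as olevba from the oletools package. Second, gateway checks are a first line only; the durable control is the Office policy that blocks macros in files that came from the internet, so that a user who clicks through the lure still cannot run the downloader.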
Enabling macros ran an obfuscated VBA macro that launched PowerShell (or another built-in Windows utility) to download and execute the Emotet payload. Soon, a victim's computer began spreading similar messa