How Frankfurt Stopped Emotet In Its Tracks
Posted: Thu Jan 16, 2020 3:13 am

At a time when ransomware continues to bring governments around the world to a halt, one city has turned the tables by bringing its own government to a halt pre-emptively to stop ransomware.
According to ZDNet, in late December, Frankfurt, Germany, one of the world’s biggest financial hubs, reportedly shut down its IT network after its anti-malware platform identified an Emotet infection. The reported malware gained entry when an employee clicked on a malicious email that had been spoofed to look as if it came from a city authority.
Rather than risk further spread and a subsequent, more damaging infection, government authorities made the difficult decision to halt the IT network until the Emotet threat was resolved. In doing so, all of the city’s IT functions were shut down for over 24 hours, including employee email, essential apps, and all services offered through the Frankfurt.de webpage. The move paid off, however: as IT department spokesman Gunter Marr told Journal Frankfurt, no lasting damage had occurred.
“In my opinion, Frankfurt made a really brave—probably not easy—decision to pack up the network to eradicate their Emotet infection,” said John Fokker, Head of Cyber Investigations for McAfee Advanced Threat Research. “Emotet infection may be a precursor to Ryuk ransomware, so I feel they dodged the proverbial bullet.”
The Emotet-Ransomware Connection
In many cases, the primary sign of ransomware is the ransom demand itself, alerting you that you’ve been infected and asking you to ante up. The Emotet malware works a little differently in that it is not, in itself, ransomware. Instead, it functions like the key to a door: Emotet infects the system, and once the system is “open,” access to the Emotet-infected network is often sold to ransomware groups and other cybercriminals, who may then use stolen credentials to easily “walk in.” During a recent campaign, once Emotet was downloaded, it in turn downloaded the Trickbot trojan from a foreign host, which stole credentials and enabled a successful Ryuk ransomware infection.
However, the same multistep process that can deliver two paydays on one deployment of ransomware is also its Achilles’ heel. Since getting ransomware from an Emotet infection is usually a process of two or more steps, if you can stop or eliminate Emotet at Step 1, the next steps toward a ransomware infection cannot occur.
While Frankfurt’s Emotet infection and the subsequent shutdown led to more than a day’s loss in productivity, massive outages and major disruption, the city should be commended on its quick and down-to-earth response. Had they attempted to preserve business operations or opted to take a wait-and-see approach, a possible ransomware infection could have cost them millions more in lost productivity and threat mitigation.
An Ounce of Prevention …
While Frankfurt was able to intercept the Emotet botnet in time, many others were not. Another attack several days before, in a town just north of Frankfurt, resulted in massive disruption when the Emotet malware led to the successful deployment of Ryuk ransomware. In other words, the simplest and safest way to avoid the same fate is to stop an Emotet infection in the first place.
There are several steps you can take to keep Emotet from establishing a stronghold in your network:
1. Educate Your Employees: The most important step is to teach your employees how to identify phishing and social engineering attempts. Identify email security best practices, like hovering over a link to see the actual destination before clicking on it, never giving account information over email, and mandating that all suspicious emails be immediately reported.
2. Patch Vulnerabilities: The Trickbot trojan is usually delivered as a secondary payload to Emotet. It depends on the Microsoft Windows EternalBlue vulnerability, so patching this vulnerability is a crucial step in securing your network.
3. Strengthen Your Logins: If Emotet does gain entrance, it can attempt to spread by guessing the login credentials of connected users. By mandating strong passwords and two-factor authentication, you can help limit the spread.
4. Adopt Strong Anti-Malware Protection, And Ensure It’s Configured Properly: A timely alert from a capable anti-malware system enabled Frankfurt to stop Emotet. Adopting strong endpoint protection like McAfee Endpoint Security (ENS) is one of the most important steps you can take to help prevent Emotet and other malware. Once it’s in place, you can maximize your protection by performing periodic maintenance and optimizing configurations.