Emotet Resumes Malspam Operations

Emotet started spewing out new spam emails yesterday after a period of inactivity that lasted nearly four months. As WaterISAC discussed in its August 27 Security and Resilience Update, researchers had observed Emotet’s command and control servers coming back to life. But the servers weren’t observed sending out new spam emails at that time, as resuming operations required time to rebuild the botnet, clean it of bots from security researchers, and prepare new spam campaigns. The latest emails contain malicious file attachments or links to malware-laced downloads. Users who receive these emails and download and execute any of the malicious files are exposing themselves to getting infected with the Emotet malware. Once infected, computers are added to the Emotet botnet. The Emotet malware on infected computers acts as a downloader for other threats. Some of Emotet’s most well-known customers are the operators of the Ryuk ransomware, which have often rented access to Emotet-infected hosts to infect enterprise networks or local governments with their ransomware strains. Case in point, the Onslow Water and Sewer Authority’s Ryuk ransomware infection began as an Emotet infection. Read the article at ZDNet.