Hackers Spread Emotet to Drop Ransomware
An ongoing Emotet campaign is targeting Australian entities, including government agencies and critical infrastructure providers. The malware is distributed via phishing emails containing Microsoft Office attachments, usually macro-enabled Word documents. When activated, the Emotet payload secures a foothold on the target host and attempts to spread within the network by brute-forcing user credentials. Emotet then downloads the Trickbot malware, which harvests emails and credentials and moves laterally within the network using the EternalBlue exploit. Once enough systems within the network are compromised, the threat actors unleash the Ryuk ransomware.
References: Advisory 2019-131a: Emotet Malware Campaign