Orléans, Caught in the Emotet Trojan Trap
In the wake of a series of cyberattacks, the city of Orléans has not been spared. But it is not alone. Since August, we have seen a resurgence of attacks by the Emotet Trojan in France. This Trojan has also targeted several regional education authorities, including those in Nantes, Rennes, Amiens, Nancy-Metz, Strasbourg, Lyon, Grenoble, Montpellier, Versailles, Paris, Créteil… and many others. It has also attacked companies such as Airbus, Faurecia, Fortinet, Imerys, and Veolia (source: LeMagIT).
How does Emotet work?
Email or text message… Cyberattackers are trying every trick in the book to install the Emotet malware, including impersonating their victims’ banks.
Cybercriminals hijack the domain names of their targets’ email addresses. They then send emails pretending to be from trusted individuals. The recipient, not paying close attention, opens the seemingly legitimate email and clicks on fraudulent URL links or corrupted attachments. Emotet, for example, activates after Word, Excel, or PowerPoint macros containing malicious code are enabled. This malware then sneaks into the computer and spreads discreetly throughout the organization’s network. A ransom demand usually follows.
The French National Cybersecurity Agency (ANSSI) issued a warning about the resurgence of Emotet, a virus that has been known since 2014 and was particularly active in September 2020. ANSSI also notes that this Trojan has not only evolved but has also seen a sharp increase in activity since August 2020.
So be careful with the senders’ email addresses: it’s essential to double-check that the domain name hasn’t been spoofed.
For example, Emotet was spread via more than a hundred emails sent from the email servers of the Orléans local government.
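The two signals described above, an unverified sender domain and an Office attachment that can run macros, can be checked automatically at the mail gateway. The following is an added example, not code from the original article or from ANSSI; the gateway name `mx.corp.example`, the addresses and the sample messages are constructed assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt container

def macro_risk(data: bytes):
    """Classify an attachment by content, not by extension; None if no risk seen."""
    if data.startswith(OLE_MAGIC):
        return "legacy OLE Office file (may contain macros)"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "OOXML file with embedded VBA project"
    return None

def triage(raw: bytes, trusted_authserv: str) -> list:
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    need = {"dmarc=pass", f"header.from={domain}"}
    # Trust only Authentication-Results stamped by our own gateway (assumed name).
    ok = False
    for ar in msg.get_all("Authentication-Results", []):
        server, _, results = str(ar).lower().partition(";")
        ok |= server.strip() == trusted_authserv and need <= set(re.split(r"[\s;]+", results))
    findings = [] if ok else [f"sender domain not authenticated: {domain}"]
    # Mail sent from a compromised but genuine server (the Orléans case) passes
    # the check above, so attachments are inspected whatever the sender verdict.
    for part in msg.iter_attachments():
        risk = macro_risk(part.get_payload(decode=True) or b"")
        if risk:
            findings.append(f"{part.get_filename()}: {risk}")
    return findings

def build_sample(sender, auth, filename, members) -> bytes:
    """Constructed test message; every address and file name is made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@corp.example", "Invoice"
    if auth:
        msg["Authentication-Results"] = auth
    msg.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

Findings from `triage` are meant to route a message to quarantine or review; an empty list only means neither signal was present.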
What should you do if you encounter a Trojan horse?
According to ANSSI, “detecting and addressing an Emotet-related security incident as early as possible can prevent many types of attacks, including ransomware attacks, before encryption takes place.”
The agency also recommends the following:
- Raise user awareness about phishing: be vigilant about the emails you receive, and learn to distinguish genuine emails from phishing emails.
- Restrict the execution of macros in email attachments.
If you have any concerns or suspect a cyberattack by the Emotet Trojan:
- Disconnect compromised devices from the network without deleting their data.
- Use antivirus software. However, if your computer becomes infected, the only way to ensure that the malware is completely removed is to reinstall the operating system.
















