Emotet, Trickbot and Ryuk – Danger from the Internet

What are Emotet, Trickbot and Ryuk and why are they so dangerous?


Emotet, Trickbot, and Ryuk are an “unholy alliance” of three different attackers currently being sent by cyber criminals to take over computers and entire corporate networks – causing damage that’s already gone into the millions for individual companies.

Emotet can read address books on a computer and analyze emails sent to those contacts. Afterwards Emotet sends extremely genuine-looking e-mails to these known contacts – except this time, however, with the purpose of infecting the contacts with Emotet. Emotet can also load any other malware – remotely controlled by cyber criminals.

Trickbot is a so-called Banking Trojan designed to retrieve credentials on a computer and spread and exploit vulnerabilities in the system across a company’s entire network, transferring online banking credentials (and account balances) to the criminals.

Ryuk is a so-called Ransomware (“Blackmail Trojan”), that encrypts all the files found on a targeted computer. Subsequently, this renders all infected computers (or in the worst case, the entire corporate network) unusable and only a blackmail message is displayed, in addition to a “ransom demand” (which thanks to Trickbot is tailor-made for the financial circumstances of the victim).

More information about Emotet, Trickbot and Ryuk can be found here.

How can I protect myself or my company?

The German Federal Office for Information Security (BSI) urgently recommends the following precautions:

  • Always be cautious and skeptical when opening emails with email attachments, especially if you are not expecting such an email with attachments. Ask (preferably by phone) the sender, if he or she has really sent you this email. Do not click on any links in the email, even if you know the sender.
  • Use an antivirus solution on your private computer. Important: Always make sure that the latest virus signatures of the manufacturer have been installed. In companies, a centrally administered AV solution is essential, as is the regular check as to whether all clients have received and successfully installed the updates of the AV signatures. With our IT remote management console O&O Syspectr you can administrate the AV endpoint solution from the German manufacturer Avira centrally and simply – and the console is free of charge.
  • Also make sure you perform regular backups, especially offline backups. With O&O DiskImage we offer a reliable backup solution for companies of all sizes, as well as for your private computers.
  • Further recommendations of the BSI can be found on the website of the Alliance for Cybersecurity (In German only).
  • Andreas Blaeser has been with O&O Software since November, 2006 and was appointed Director of E-Commerce in 2018. He has built up the E-Commerce business for O&O Software and is responsible for expanding sales through all electronic channels.