Emotet, Trickbot and Ryuk - Danger from the Internet

by Jim Harrison -

What are Emotet, Trickbot and Ryuk and why are they so dangerous?


Emotet, Trickbot, and Ryuk are an “unholy alliance” of three different attackers currently being sent by cyber criminals to take over computers and entire corporate networks – causing damage that’s already gone into the millions for individual companies.

Emotet can read address books on a computer and analyze emails sent to those contacts. Afterwards Emotet sends extremely genuine-looking e-mails to these known contacts – except this time, however, with the purpose of infecting the contacts with Emotet. Emotet can also load any other malware – remotely controlled by cyber criminals. As reported this week, the botnet now comes with a malicious attachment claiming to be from Windows Update. The convincing message explains that some apps need to be updated in order to open a ‘document’ attached to the email. If a user follows the instructions, malicious macros will be enabled, and these will install Emotet on the computer.

Trickbot is a so-called Banking Trojan designed to retrieve credentials on a computer and spread and exploit vulnerabilities in the system across a company’s entire network, transferring online banking credentials (and account balances) to the criminals.

Ryuk is a so-called Ransomware (“Blackmail Trojan”), that encrypts all the files found on a targeted computer. Subsequently, this renders all infected computers (or in the worst case, the entire corporate network) unusable and only a blackmail message is displayed, in addition to a “ransom demand” (which thanks to Trickbot is tailor-made for the financial circumstances of the victim).

More information about Emotet, Trickbot and Ryuk can be found here.

How can I protect myself or my company?

The German Federal Office for Information Security (BSI) urgently recommends the following precautions:

  • Always be cautious and skeptical when opening emails with email attachments, especially if you are not expecting such an email with attachments. Ask (preferably by phone) the sender, if he or she has really sent you this email. Do not click on any links in the email, even if you know the sender.
  • Use an antivirus solution on your private computer. Important: Always make sure that the latest virus signatures of the manufacturer have been installed. In companies, a centrally administered AV solution is essential, as is the regular check as to whether all clients have received and successfully installed the updates of the AV signatures. With our IT remote management console O&O Syspectr you can administrate the AV endpoint solution from the German manufacturer Avira centrally and simply – and the console is free of charge.
  • Also make sure you perform regular backups, especially offline backups. With O&O DiskImage we offer a reliable backup solution for companies of all sizes, as well as for your private computers.
  • Further recommendations of the BSI can be found on their website (German only).
    • Jim Harrison

    Jim Harrison has a very broad sales and account management background, having previously been employed by various international companies in both senior sales and customer service roles. He joined O&O Software in March, 2006 in a sales and localization capacity, and having quickly recognized the potential for O&O Software worldwide, he was appointed Director of Sales International in 2008. Jim and his team focus on developing long-term, strategic partnerships in order to bring the O&O brand and product range to more and more international markets. Developing primarily the European, North American and Asian markets, his aim is quite clear: to have an O&O product installed on every computer, worldwide!