Emotet, Trickbot and Ryuk - Danger from the Internet
What are Emotet, Trickbot and Ryuk and why are they so dangerous?
Emotet, Trickbot, and Ryuk are an “unholy alliance” of three different attackers currently being sent by cyber criminals to take over computers and entire corporate networks – causing damage that’s already gone into the millions for individual companies.
Emotet can read address books on a computer and analyze emails sent to those contacts. Afterwards Emotet sends extremely genuine-looking e-mails to these known contacts – except this time, however, with the purpose of infecting the contacts with Emotet. Emotet can also load any other malware – remotely controlled by cyber criminals. As reported this week, the botnet now comes with a malicious attachment claiming to be from Windows Update. The convincing message explains that some apps need to be updated in order to open a ‘document’ attached to the email. If a user follows the instructions, malicious macros will be enabled, and these will install Emotet on the computer.
Trickbot is a so-called Banking Trojan designed to retrieve credentials on a computer and spread and exploit vulnerabilities in the system across a company’s entire network, transferring online banking credentials (and account balances) to the criminals.
Ryuk is a so-called Ransomware (“Blackmail Trojan”), that encrypts all the files found on a targeted computer. Subsequently, this renders all infected computers (or in the worst case, the entire corporate network) unusable and only a blackmail message is displayed, in addition to a “ransom demand” (which thanks to Trickbot is tailor-made for the financial circumstances of the victim).
More information about Emotet, Trickbot and Ryuk can be found here.
How can I protect myself or my company?
The German Federal Office for Information Security (BSI) urgently recommends the following precautions: