Recently Binary Defense’s analysts have observed an uptick of activity in Emotet’s botnet. Seemingly marking the end of their unexpected hiatus, Emotet recently released a new update to the loader which seems to attempt to bypass or evade some detection and prevention methods. Additionally, Emotet has begun distributing more modules to victims. With these module distributions, Emotet can use this time in between full spam return to seed new bots that may have been lost during their downtime.
Analyst Notes
Emotet infections can be detected by monitoring endpoints for suspicious behaviors. Binary Defense recommends deploying Endpoint Detection and Response (EDR) tools and implementing 24 hours a day, 7 days a week monitoring using an internal security team or a managed security service provider that can easily detect and respond to Emotet when an infection may occur. It is crucial to respond to Emotet quickly because more damaging malware such as Trickbot and Ryuk ransomware often follows Emotet and can be deployed within minutes or hours after the initial Emotet infection. Additionally, Binary Defense recommends using extreme caution whenever opening and enabling macros on any document obtained from an email.
