Described by Europol and many others across the cybersecurity ecosystem as “the world’s most dangerous malware”, ‘Emotet’ is a trojan that first appeared in 2014 and is delivered by infected email attachments or links. It has been widely used to spread ransomware and create botnets, and has been blamed for millions of attacks, including some on critical infrastructure.
Reports last year suggested the underlying Emotet network had been seriously disrupted by authorities in an international collaborative effort, but it has recently returned – this time using Excel files to instigate attacks. Since late last year, more than 2.7 million cases have been detected.
Emotet has been particularly effective because its payload can auto-execute on victim devices without any user interaction whatsoever. From that point, it can swiftly and silently seize control of devices and networks, downloading additional payloads such as ransomware or info-stealers along the way.
The Department of Justice estimates Emotet has caused hundreds of millions of dollars in damage worldwide, and according to CISA it costs upwards of $1M per incident to clean up.
Part of the challenge facing authorities and cybersecurity teams is that malware operators using Emotet are constantly changing attack vectors, leaving AV engines playing catch-up to detect these ever-evolving threats.
With the proactive approach delivered by CDR technology, Glasswall stops Emotet-infected files by removing macros, preventing information leakage and repairing broken document structure. With no ‘protection delta’ – the time before antivirus and sandboxing tools are updated to protect against new threats – Glasswall CDR instantly removes malware variants such as Emotet, meaning users are secure from day zero.
For further information, visit www.glasswall.com