Desirre Kaluza
19th February 2021

What do you mean it's been stolen!

I have always marvelled at the variety of illegal things people are capable of coming up with when it comes to stealing information and messing with people’s personal data. I remember back in the day using eMule and having good old Norton antivirus pick up a ton of trojans. It didn’t always pick up everything though, so occasionally mum would call the IT guy over to do a system reinstall.

Getting infected by malware when downloading files is still as current as when I was in my teens. A lot has changed since then, and cybercriminals have certainly become ever so creative and versatile. Take for instance Emotet. It was the talk of the week at the end of January 2021 because it had finally been taken down, and not by an antivirus but by a multinational task force focused exclusively on disrupting this threat.

Emotet is, or was, a trojan – and also a bot – with worm-like capabilities, which was mainly spread through phishing emails. This much terminology in one sentence can be a bit confusing, so let’s break it down.

A trojan is a type of malware which contains malicious code embedded into something that looks mostly harmless, like a Word document. Users get tricked into executing or installing it, thus infecting their system. Trojans don’t self-replicate and require a person to actually interact with them to do their thing – like opening an attachment, for example.

A bot is an automated process or script which interacts with other network services. A bot can, for instance, self-propagate and connect to the server(s) being used in the attack. These servers are known as Command and Control (C&C) servers and are used to remotely access the target network of compromised devices, known as a botnet.

Worms can travel between systems without any action from the user. They can self-replicate and tunnel through various devices unnoticed. Worms are primarily designed to spread and infect – not only computers, but all networks and servers.

Phishing emails, well… If you have a Gmail, Yahoo or Hotmail account, go to the spam folder and FOR THE LOVE OF GOD, DO NOT CLICK ANYTHING! But do have a look at the subjects and the senders. Most of them are obviously fake, but occasionally you will find one with familiar branding, containing a link or attachment, which will look genuinely legitimate. The purpose is to lure the user into clicking the link or opening the attachment which, in turn, executes the virus.

With all this information widely available on Emotet, why was it so difficult to stop it? Because it was made to look like a legitimate Windows system process! And just to put a cherry on top, as a blended threat with multiple capabilities, it could regularly update itself through C&C – meaning it could look different as and when modified by the cybercriminals.

And why was it so dangerous? Because it opened a backdoor for other, more worrisome malware, such as ransomware. Ransomware disables the user’s system and blocks them from accessing their data by encrypting those assets or locking the user out of their machine. It then demands a ransom payment to unlock the user’s computer and restore access to the data.

Cyber security awareness is crucial to avoiding attacks in the first place, but when that isn’t enough, it’s important to have access to proper tools to help keep those threats away.

Acronis Cyber Protection solutions deliver outstanding threat protection with technologies employing machine learning to proactively mitigate attacks and highlight vulnerabilities. Learning and understanding what viruses can do to your system and how to spot compromised links is a full-time job, so let Acronis do the heavy lifting for you. Get in touch with our team to find out how.