This is malware associated with stealing data; it spreads throughout the environment like a worm and is very persistent. It is also known to be used during ransomware attacks, such as BitPaymer.
This should be taken seriously, and measures should be put in place ahead of time to protect yourself.
- Patch your machines! Make sure Windows is up to date.
- Please review your Sophos endpoint and server policies to make sure they follow Sophos best practice.
- Make sure Sophos is installed on all machines.
- If you are using Enterprise Console and are licensed for Exploit Prevention, install Exploit Prevention on your machines and follow Exploit Prevention best practice settings.
- If you are using Sophos Central and are licensed for Intercept X, confirm that Intercept X is installed on your machines and follow Intercept X best practice settings.
- On your email gateways, make sure spam and virus protection settings are enabled, as this attack may try to get into your environment through a phishing email (which may include malicious links or attachments).
- On your firewalls, enable additional protection such as HTTP/HTTPS scanning, IPS, and Advanced Threat Protection. Once Emotet gets onto your machines, it will reach out to the internet to download malicious payloads and contact C&C (command and control) servers for further information.
Don't hesitate to reach out to us with any questions or concerns.