Pine Cove Blog

Emotet is Back! Tips to Protect Your Organization

Written by Jace Holyoak | Jul 23, 2020 4:47:44 PM

Emotet is considered by the US Department of Homeland Security to be one of the most dangerous cyber-threats today. Don't underestimate this dangerous threat that has destroyed network systems across the country. Emotet infections have been known to cost local governments up to $1 million per incident to remediate. 

What is Emotet?

Emotet is malware associated with data theft. It spreads through the environment like a worm and is very persistent. It is also known to be used in ransomware attacks, such as BitPaymer.

 

This threat should be taken seriously, and protective measures should be put in place ahead of time.

What Actions to Take Now?

First and foremost, you need to have cybersecurity solutions in place that will protect your assets. Our cybersecurity partner, Sophos Security, can stop Emotet with its solutions. 

[Read: Stopping Emotet with Sophos]

If you are interested in having a third party come in and audit your cybersecurity protection, visit our cybersecurity page and fill out the form at the bottom.

Even if you have Sophos Security, here are some practical steps you should take to make sure you are secure:

  1. Patch your machines! Make sure Windows is up to date.
  2. Please review your Sophos endpoint and server policies to make sure they follow Sophos best practice.
  3. Make sure Sophos is installed on all machines.
  4. If you are using Enterprise Console and are licensed for Exploit Prevention, install Exploit Prevention on your machines and follow Exploit Prevention best practice settings.
  5. If you are using Sophos Central and are licensed for Intercept X, confirm that Intercept X is installed on your machines and follow Intercept X best practice settings.
  6. On your email gateways, make sure spam and virus protection settings are enabled, as this attack may try to get into your environment through a phishing email (which may include malicious links or attachments).
  7. On your firewalls, enable additional protection such as HTTP/HTTPS scanning, IPS, and Advanced Threat Protection. When Emotet gets onto your machines, it will reach out to the internet to download malicious payloads and contact C&C (command and control) servers for further information.

Don't hesitate to reach out to us with any questions or concerns.