An email campaign spreading malware through the Emotet downloader has returned after going inactive after October 30. Three surges were seen in October, with spam emails containing the Emotet downloader targeting vulnerable users. The malware often led to a Ryuk ransomware infection, or to attempts to steal bank account credentials with the Trickbot banking Trojan. Seven weeks later, the group has restarted its effort to compromise more systems.
So far, the cybercriminal group has sent at least 100,000 messages in various languages containing different links. The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has deemed the Emotet campaign one of the more prevalent ongoing threats and continues to work against it as the campaign changes. The campaign serves as a foothold for future banking Trojans and can compromise many business networks while employees are working from home due to coronavirus. The most recent campaign appears to be ramping up right around the holidays. While Emotet is difficult to combat, cybersecurity companies are continuing their efforts to disrupt the attacks.