Security researchers are warning companies to be aware of a new resurgence of the Emotet botnet that has been reactivated after a hiatus of five months.

According to the researchers, the Emotet malware steals information, and has been used to distribute the banking Trojan Trickbot. Attackers using the Emotet botnet use simple emails that are personalized, often with the subject line of “RE.” The emails often contain fake invoices, purchase orders, shipping notifications or receipts, and ask the recipient to click on a link or open an attachment. When the link or attachment is opened, the Emotet malware then is activated and the malware hijacks the email accounts and uses them to forward spam emails that contain malicious links and attachments from the legitimate email account to the contacts in that email account. The recipients, believing the email is coming from a trusted source, click on the link or attachment  and the malware exponentially infects other email accounts and systems.

Emotet is known to spread to other devices on the network and those infected devices are then added to the botnet. As of last week, security researchers confirmed that over 250,000 emails containing Emotet are being sent every day.

According to the researchers, if Emotet is detected, it is important to respond as soon as possible, and to isolate the device and remove the malware. Protection from the infection is focused on employee awareness and asking them to be very cautious about opening any Word documents or Excel spreadsheets, even if they think they are coming from a trusted source.

We all have noticed an increase in email traffic and spam during the pandemic. Protecting devices and networks for security personnel has been challenging with a remote workforce; educating a remote workforce on botnets is even more challenging. However, keeping your employees vigilant about emails and attachments, and engaging them to be part of your first line of defense, is critically important to help reduce the spread of Emotet and other malicious malware. As employees, we need to be aware of attacks such as Botnet so we can be responsible and valuable team members in our organization’s data security.