What’s Emotet? It is one of the most infectious and costly viruses ever unleashed. It was initially written in 2014 to steal banking information by intercepting internet traffic. With the release of version 3, it can now brute-force admin credentials and infect all systems on a network. It also opens the door for tons of malware to be installed on the system.
It is typically delivered as an email with a Word doc attached. The document asks you to enable macros, and once you do, it is unleashed on the network. It is particularly hard to remove. If it is detected by conventional scans, it seems like it has been removed, but it actually changes its own code to avoid detection. The only way to root it out of the network is to take all systems offline, perform a boot scan with several updated thumb drive virus scanners, then scan again once back in Windows. Then the system must be patched and secured with real-time protection such as Malwarebytes. All domain and local administrator passwords must be changed to something secure and difficult to crack. This is an extremely long process, and the more infected computers there are, the longer it takes. Any computer brought back on the network too soon will become infected again, and the process starts all over again as it infects other computers.
How do you prevent it? Keep your systems updated and patched. Use good real-time AV and spyware protection, not the free stuff. Most importantly, be aware of what you receive in email. Assume everything is malicious and never click on anything you are not expecting. Even if you know the sender, they could have been hacked and be sending it on to you.