Ever-changing virus threatens businesses
Companies are being warned against a powerful regenerating email virus called Emotet.
The Australian Cyber Security Centre says there have been at least 19 successful attacks so far in Australia, with public and private healthcare industries already affected by the virus. One incident led to a ransomware attack on a Victorian healthcare facility.
Retail and professional services firms and critical infrastructure providers have also reportedly been affected.
Emotet was first detected in Europe in 2014 and was originally focused on people accessing their banks. Email security firm Mailguard says cybercriminals are continuously updating its signature to remain undetected by anti-virus software. It can forward itself to every email contact of a victim, increasing the likelihood of further infection.
The virus is being spread through malicious emails purporting to be from the employee’s workplace. The emails contain Microsoft Word attachments that download and install the malware when opened. Some emails contain embedded URLs with the virus.
Emotet also downloads secondary malware, which allows attackers to harvest emails and credentials, move within a computer network and download yet more malware.
Law firm Clyde and says employees must be warned about the threat and trained not to click malicious attachments. Affected computers must be immediately isolated from the network.
The Australian Cyber Security Centre says victims should not pay any ransom demands. It recommends that organisations block Microsoft Word macros on their systems, alert staff to the virus and what to look for, maintain firewalls, scan their networks, develop an incident response plan, maintain offline backups and implement security controls.