Microsoft experts explain how Emotet took down a US city's network

Emotet took down a city network
Written by Emma Davis

Microsoft experts have described a malicious campaign in which the Emotet malware took down the computer network of “one of the organizations.” Information security experts believe the organization is a city in Pennsylvania.

According to Microsoft, the outage was caused by Windows devices being pushed to maximum CPU load and by loss of Internet connectivity.

“The malware avoided detection by antivirus solutions thanks to regular updates from a C&C server controlled by cybercriminals and spread through systems, causing network outages and disabling main services for almost a week,” Microsoft said.

The initial compromise came when one of the organization’s employees opened a phishing email with a malicious attachment, which handed the employee's credentials to the attackers. Five days later, Emotet was downloaded and launched on the organization’s systems. The malware spread quietly across the network, stealing administrator credentials and using them to authenticate to new systems, which were in turn used to compromise further devices.

Despite the efforts of the organization’s IT team, within eight days the entire network had failed: machines were overheating, freezing and rebooting, and Internet connections had slowed to a crawl.

“Details in Microsoft’s account of incident response work for a company it calls ‘Fabrikam’ line up with a cybersecurity incident disclosed by the US city of Allentown, Pennsylvania, in February 2018, which it expected would cost it $1m to recover from. The attack knocked out the city’s core systems, including its network of 185 surveillance cameras, Associated Press reported at the time,” ZDNet reported.

A team of Microsoft specialists was able to stop the spread of the infection using asset controls and buffer zones designed to isolate assets with administrator rights. Ultimately, the team was able to eliminate Emotet completely after new antivirus signatures were downloaded and dedicated tooling was deployed to detect and remove the malware.

According to ZDNet, Allentown officials reported that Emotet replicated itself and stole employee credentials. City officials also said they paid Microsoft an initial emergency response fee of $185,000 to “stop this bleeding.”

Another $1 million will go toward restoring systems. Microsoft points out that Fabrikam fell short of best practice because its email filters did not screen internal mail, which allowed Emotet to spread internally without raising alerts. Had internal mail been screened, Fabrikam could have gained valuable time to protect its administrative accounts and directories before they were attacked.

Microsoft recommends using email-filtering tools to automatically detect and stop the phishing emails that spread Emotet infections, and enabling multi-factor authentication so that stolen credentials alone are not enough for an attacker to log in.
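To make the "internal mail was not screened" gap concrete, here is an added example (not code from the article, Microsoft or the city of Allentown) that runs a macro-attachment check over a constructed mail log. The `fabrikam.example` domain, the log format and the file names are assumptions for illustration. The `screen_internal` flag contrasts the weak configuration described above (only inbound mail is screened) with the corrected one (internal-to-internal mail is screened too); Emotet's phishing waves relied on macro-laden Office documents, which is why the check keys on macro-capable extensions.

```python
import re
from pathlib import PurePosixPath

# Assumed tenant domain (hypothetical, not from the article).
INTERNAL_DOMAINS = {"fabrikam.example"}

# Office formats that can carry VBA. Legacy .doc/.xls can hold macros as well as
# the explicit macro-enabled .docm/.xlsm variants.
MACRO_CAPABLE = {".doc", ".dot", ".docm", ".dotm",
                 ".xls", ".xlt", ".xlsm", ".xltm",
                 ".pptm", ".potm"}

# Constructed log format: one message per line, attachments separated by ';'.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+from=<(?P<from>[^>]+)>\s+to=<(?P<to>[^>]+)>\s+attach=(?P<attach>\S*)$"
)

# Constructed sample log (not real Allentown/Fabrikam data).
SAMPLE_LOG = [
    "2018-02-13T09:12:44Z from=<vendor@external.example> to=<clerk@fabrikam.example> attach=Invoice_0213.docm",
    "2018-02-13T11:05:10Z from=<clerk@fabrikam.example> to=<admin@fabrikam.example> attach=RE_Invoice_0213.doc;notes.txt",
    "2018-02-13T11:07:31Z from=<hr@fabrikam.example> to=<all@fabrikam.example> attach=holiday_schedule.pdf",
    "garbage line",
]


def parse_line(line):
    """Return a dict for a well-formed log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    attach = [a for a in m.group("attach").split(";") if a]
    return {"ts": m.group("ts"), "from": m.group("from"),
            "to": m.group("to"), "attach": attach}


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def is_internal(addr):
    return domain_of(addr) in INTERNAL_DOMAINS


def macro_attachments(names):
    """Attachments whose extension can carry VBA macros (case-insensitive)."""
    return [n for n in names if PurePosixPath(n.lower()).suffix in MACRO_CAPABLE]


def verdict(event, screen_internal=True):
    """Decide what to do with one message.

    screen_internal=False reproduces the weak setting: messages that are
    internal on both ends bypass the attachment check entirely.
    """
    risky = macro_attachments(event["attach"])
    if not risky:
        return "allow", ""
    internal = is_internal(event["from"]) and is_internal(event["to"])
    if internal and not screen_internal:
        return "allow", "internal mail not screened (weak setting)"
    scope = "internal" if internal else "inbound"
    return "quarantine", f"{scope} message carries macro-capable attachment(s): " + ", ".join(risky)


def scan(lines, screen_internal=True):
    """Run the check over log lines; returns (line_no, verdict, reason) tuples."""
    results = []
    for n, line in enumerate(lines, 1):
        ev = parse_line(line)
        if ev is None:
            results.append((n, "unparsed", ""))
            continue
        v, why = verdict(ev, screen_internal)
        results.append((n, v, why))
    return results


if __name__ == "__main__":
    for flag in (False, True):
        print(f"screen_internal={flag}")
        for n, v, why in scan(SAMPLE_LOG, screen_internal=flag):
            print(f"  line {n}: {v} {why}")
```

With `screen_internal=False` the second line, an internal reply carrying a legacy `.doc`, sails through, which is exactly the path the text describes; with `screen_internal=True` it is quarantined. Two caveats a practitioner would add: the sender check here trusts the `From` address, so a real filter should rely on the authenticated sender rather than the header, and extension matching is a coarse stand-in for actually inspecting the file for a VBA project.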

Recall that a group of Japanese developers has released a free utility for detecting Emotet infections.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
