The Emotet trojan just won’t die and appears to be gaining steam as sextortion scams are netting cybercriminals a massive return in exchange for their devious efforts.
According to new data from IBM X-Force, Emotet has been observed to be using a new sextortion scam to rake in payments that are ten-fold that of their Necurs trojan counterpart-based scams. By monitoring the Bitcoin and Dashcoin wallets, it’s feasible to determine the take for each campaign. For example, a five-day Emotet campaign that ran in January netted $57,000 – over ten times the $4,527 taken in by Necurs-based campaigns.
IBM security analysts believe this is due to two factors:
- Emotet scams are targeting businesses – Necurs scams are targeting personal webmail email addresses. By going after business email addresses, Emotet scams have the added benefit of victims wanting to not have their boss find out about the successful attack and, therefore, pay the extortion fee.
- Emotet scams are using Bitcoin – Dashcoin tends to carry a lower value than bitcoin which may be adding to the overall cost in these campaigns.
These two stats should be a bit frightening to organizations. With business users being the target and Emotet being known as a modular and flexible trojan capable of executing just about any malicious act needed, the fact that the bad guys are seeing successes with Emotet means they will likely latch on to more Emotet-based use. The possibilities are endless; more sextortion, data theft, island hopping, fraud – you name it.
Once the Emotet is launch, the proverbial “cat is out of the box”. The time to stop these attacks is before users click on malicious email links and attachments. Security Awareness Training teaches users about the use of email as a malicious medium, how users are tricked into engaging with said emails via social engineering, and what kinds of badness will ensue should the user fall prey to a scam. By being educated, users become vigilant and are less likely to engage with malicious emails.