Emotet Activity Continues
The NJCCIC has received reports regarding spam emails containing either malicious links or attachments associated with the Emotet campaign. Trend Micro also recently observed emails delivering the trojan in password-protected attachments, with the password included in the body of the email. Threat actors continue to change tactics and techniques to bypass security solutions and to avoid detection and sandbox environments.

The NJCCIC recommends users refrain from clicking on embedded links or attachments, or downloading files from unsolicited or unexpected emails, and verify emails from known senders via a separate means of communication. If an Emotet infection is strongly suspected but anti-virus/anti-malware solutions cannot detect or remove it, we advise users to reimage the affected system’s hard drive. We also encourage users to proactively monitor and change passwords for any accounts accessed on infected systems and to enable multi-factor authentication where available. If a user believes their account has been compromised, we encourage them to send a copy of the suspicious email to firstname.lastname@example.org and notify their agency ISO, Email Admin, and Helpdesk.