Emotet Activity Returns

Beginning in June, Emotet detections decreased; however, researchers recently observed an increase in activity. Researchers believe the threat actors took time off for server maintenance. Cofense Labs reported on the new activity and Black Lotus Labs offers a list of known active Emotet servers to assist in network defense. New Emotet activity is currently emanating from several countries, including the US, and researchers believe new campaigns are imminent. Emotet began as a banking trojan in 2014, but currently functions as a botnet and is used to deliver additional malware, such as the Trickbot trojan, and ransomware, such as Ryuk. The NJCCIC recommends users maintain awareness of this and similar threats, exercising caution when choosing to take action on unsolicited or unexpected emails, or those that reference an invoice.