About Emotet Malware

How you can protect yourself and what you can do if you are affected

Because of the Emotet takedown, Emotet is no longer a major threat. However, other malware can use the same process, or in some cases a similar one, so the following information may still be useful.

Fake e-mails that appear to have been sent from friends, neighbours or colleagues have endangered entire networks to date. Emotet was considered to be one of the greatest threats posed by malware, severely impacting Germany, too. Both corporate IT systems and IT systems of public authorities and institutions as well as tens of thousands of private citizens were affected. Emotet is distributed via spam campaigns and therefore poses an acute threat to businesses, public authorities and private users.

Emotet retrieves contact relationships and e-mail content from the mailboxes on infected systems. Perpetrators use this information to continue to spread the malware. This is how it works: recipients receive e-mails that appear to be authentic messages from people with whom they have recently been in contact. As the subject, form of address and signature use the correct names and e-mail addresses for both sender and recipient, these messages appear real to many people. For this reason, the e-mails lead many to open the malicious attachment or click the URL contained in the message without considering the consequences.

Once the computer has been infected, Emotet loads more malware, for example, Trickbot, a banking trojan. This malware causes data loss or allows criminals to take full control of the system. In several of the well-known cases reported to the BSI, this resulted in huge production losses because entire corporate networks had to be rebuilt from the ground up. For private users, an infection can result in the loss of data, and login credentials in particular.

How you can protect yourself:

  • Promptly install security updates provided by manufacturers for operating systems and application programs (web browsers, browser plugins, e-mail clients, Office applications, PDF document viewers).
  • Run anti-virus software and update it regularly.
  • Create regular backups of your data.
  • Set up a separate user account on your computer to be used to surf the Internet and write e-mails.
  • Think twice about opening attachments, even from senders you think you know (especially Office documents) and check links included in the message text before clicking on them. If you think an e-mail is suspicious, give the sender a call and ask about the credibility of the content.

What you can do if you are affected:

  • Inform your contacts about the infection: your e-mail contacts are particularly at risk.
  • Change all access data stored on affected systems (for example on the web browser) or entered after the infection.
  • The malware sometimes makes far-reaching (security-relevant) changes to the infected system. If your computer has been infected by Emotet, the BSI recommends re-staging your system.