Swiss information security body warns of wave of “Emotet” banking trojan malware

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) today posted a notice regarding malware that is increasingly targeting potential victims.

MELANI says it has observed a wave of instances of infections via “Emotet / Heodo” malware. Emotet is a banking trojan malware program which obtains financial information from the affected machine.

According to the Centre, criminals are sending emails with infected attachments (typically, a Word document). MELANI advises not to open the documents in emails from suspicious sources. However, these emails often mimic known sources. The rule of thumb is that in case of doubt one should call the sender to verify the email is a genuine one.

Once “Emotet” is installed, it may download ransomware on the affected machine.

In the event of an infection, MELANI recommends that you immediately disconnect the computer from all networks. It is essential that the system should be reinstalled following this and that all passwords should be changed.

After cleaning the computer, the back-up data (if available) can then be restored. If no data backup is available, it is advisable to retain the encrypted data and to save it so that it could possibly be decrypted at some later date in case a solution is found.

In all cases, MELANI recommends bringing the incident to the attention of the Cybercrime Coordination Unit Switzerland (CYCO) and reporting the case to the local police.

MELANI advises against paying a ransom because this will only strengthen the criminal infrastructure and thereby allow criminals to blackmail other victims. In addition, there is no guarantee that the key for decryption will be provided.

According to the latest malware stats from MELANI – those for the second half of 2018, Retefe continues to be one of the most significant banking Trojans in Switzerland. The malware is sent by email on behalf of well-known companies or institutions and targets both Windows and MacOS systems. The email attachments usually contain a malicious Word document, e.g. an purported invoice from an online shop, a delivery confirmation from a parcel supplier or information from the Federal Administration on contaminated drinking water.