Malware Spotlight: Emotet is a very dangerous form of malware, designed to steal confidential data and distribute additional malware packages.

Emotet was originally designed as a trojan horse, to steal financial information from individuals and businesses. However, it has evolved over the years to become a far more formidable foe – often described as one of the biggest malware threats in years.

Regularly featuring in top 10 malware articles on the web, Emotet instances are costing as much as £800,000 to clear up.

But how is it spreading? And how can you stop it?

And ultimately, how can they be a net benefit for your business?

How does Emotet work?

Most cyber attacks begin with a phishing email. This is not surprising when they’re easy to send en-masse and have a 1/10 chance of success.

Emotet is no different – email is the primary form of attack for this type of malware. Disguised as an invoice or shipment-based email, Emotet activates if the recipient opens the attachment. But it’s more sophisticated than a regular phishing email.

Able to hijack a victim’s machine, Emotet steals their identity and uses their trusted reputation to spread the malware to other individuals in the victim’s address book.

This can incur significant financial losses as part of the cleanup, not to mention disruption to your operations and reputational damage. You could even lose critical information forever.

If you receive an email directly from a friend, member of family, or colleague then you’re far less likely to consider the email as spam. This malware relies on that.

Therefore, identifying Emotet can be quite difficult.

Malware Circulation

The USA’s Cybersecurity and Infrastructure Security Agency (CISA) roadmapped a four-step infographic of how Emotet infects, establishes, and propagates.

  1. Infection – Phishing email containing a trojan horse attachment.
  2. Establish Persistence – Upon opening the attachment, malicious code is installed onto the device.
  3. Instructions Phase – Emotet reports the infection back to the hacker who instigated the cyber attack. This allows them to feed instructions directly to the malware.
  4. Network Propagation – Emotet scrapes the device and its accounts for credentials and email addresses. It then takes this information and attempts to brute-force access to other individuals’ accounts.

As you can see, this type of malware can escalate very quickly from a minor breach to a full-blown disaster.

Emotet not only scrapes your email address book, but the contacts in all of your accounts and any other devices on the network that you’re connected to.

By doing this, the cyber criminal behind this deployment of Emotet can use your network as a vehicle to install other dangerous malware.

If Emotet infects your business, you must deploy your BCDR plan as a matter of priority. Failure to do so could very likely result in your business going under.Because the malware is polymorphic, this means that it can adapt its identifiable features in order to evade anti-malware programs.

And with Emotet able to re-infect machines that have been previously cleaned up, the procedure of removing the malware from your network can take months.

It is therefore in your interest to prevent the attack in the first place.

Malware Prevention – How to Beat Emotet

There are straightforward steps you can take in order to beat Emotet.


Ensure that all devices in your network are up to date and patched against the latest threats. This will at least protect you against Emotet’s further distribution of malware payloads that rely on unpatched devices.


You will also want to create a strong password and enable multi-factor authentication (MFA).

Strong passwords make it more difficult for Emotet to brute-force your accounts – the more difficult the password, the longer it takes for the malware to generate.

And even if your password is compromised, MFA can prevent Emotet from gaining access to your accounts simply because it cannot obtain the second or third factors such as your mobile code or fingerprint.


Putting end user policies in place is an essential step in combating malware such as Emotet.

For example, if your colleagues know what to look for in an email then they’re equipped to deal with a potential malware attack.

This might include setting up a policy of marking external emails so that they’re treated with greater scrutiny. If the initial malware attack is intercepted, then Emotet cannot spread.

This also means implementing the Principal of Least Privilege (PoLP), ensuring that users only have access to the systems necessary for them to do their job effectively.However, in order to combat Emotet fully, you’ll need enterprise-grade email and network security, not to mention advanced anti-malware capabilities.

WatchGuard, our network security partner, offers a Total Security Suite that layers businesses’ security, protecting you from advanced malware.Neuways doesn’t just offer industry-leading cyber security solutions, however. We can manage those solutions for you, allowing you to run your business without worrying about malware such as Emotet. Patch management is included as standard.

We can also offer objective advice through our IT Consultancy service.

To discuss all things cyber security, managed services, or consultancy, say, or call us on 01283 753 333 for a chat.