- Emotet malware shut down the entire network of an organization described in a Microsoft DART case study.
- How the malware carried out the attack and what its impact was.
- Microsoft's efforts to remove Emotet, and Microsoft's advice that users stay alert to phishing attacks.
Emotet is a well-known malware family that causes disruption across networks by compromising the systems on them. A recent case study from Microsoft's Detection and Response Team (DART) shows that the malware was able to shut down a customer's entire network in one of its latest campaigns.
The malware tricked one of the company's employees into opening a phishing email. The email was malicious, and from that point the infection began taking down systems. Within eight days the malware had brought the organization's core operations to a halt, leaving computers overheating, freezing and crashing for a week. The malware checks in regularly with attacker-controlled command-and-control (C2) infrastructure, and the attackers operating it kept it ahead of the organization's detection systems.
The phishing email the employee opened captured the employee's credentials and sent them to the attacker-controlled C2 infrastructure; five days later the malware delivered its payload and ran on Fabrikam's computers. Fabrikam is the fictitious name Microsoft gives the victim organization in its case study. The malware then began spreading to other Fabrikam computers: using the stolen information, it sent phishing emails to other employees and to their external contacts, infecting their machines in turn. It also gained access to an administrator account, which let it spread to every PC on the network without being detected. Eight days after the first phishing email was opened, the entire network was down, despite the efforts of the organization's IT staff.
Computers across the organization began overheating, freezing and rebooting with blue screens, and the organization's internet connection slowed to a crawl as the malware consumed all available bandwidth.
When the last computer on the network showed these symptoms, Fabrikam knew the situation was out of control and that it had to stop the bleeding. The malware had brought the entire network to its knees, including the 185-camera security system, and was consuming so much bandwidth that even sending an email was no longer possible.
Microsoft's DART team was brought in eight days into the attack to bring it under control. They set up buffer zones to isolate systems and assets with administrative privileges, and deployed updated antivirus signatures to contain the outbreak. Microsoft Defender ATP and Azure ATP were also deployed to remove the Emotet infection completely.
Following the incident, Microsoft advises organizations to use email filtering tools, since the attack began with a phishing email that went straight to an employee's inbox and went on to take down the entire network. The company also recommends multi-factor authentication, which keeps stolen credentials alone from giving attackers access to your systems.