Since the end of 2018, the malware Emotet has been able to read contact relationships and email content from the mailboxes of infected systems in order to launch further attacks on this basis. The spreading is therefore particularly fast. This is because additional recipients receive authentic-looking emails from people they have recently been in contact with – usually with an attached Office document or a link asking them to open it.
The most important protective measure: Caution in e-mail communication. When opening e-mails, make sure that the sender's e-mail address is correct and, if in doubt, do not open any attachments. Since Emotet often hides in Microsoft Office files and requires macros to install malware, it was previously considered a safe measure not to allow them.
However, even those who have disabled macros on their computers are no longer immune to attack. Emotet tries to trick the recipient by showing that the attached document cannot be opened because it was created in iOS. Anyone who then clicks on two buttons "Enable Edition" and "Enable Content", as requested, unknowingly activates the automatic system and clears the way for the emote infection. Particularly perfidious: Emotet often reloads further malware. The interaction with TrickBot and Ryuk is particularly dangerous. As a "door opener", it reloads the banking Trojan TrickBot, which copies account access data, among other things. It passes this information on to the ransomware Ryuk, which is the last to be loaded. Ryuk now encrypts all files in the system that TrickBot and Emotet have previously classified as sensitive or important. This can result in data theft or even system failure.
If you receive e-mails from us in the near future, we would like to point out that we guarantee not to use iOS documents. If you receive such an information, please delete this mail immediately or inform your own IT colleagues and us. And please take a close look at the sender's e-mail address. Here again our sender addresses, where we will contact you in the usual way: Firstname.surname[at]reisswolf.com or also via group mailboxes such as service[at]reisswolf.com, vertrieb[at]reisswolf.com or personal[at]reisswolf.com.