Carolinas IT’s Incident Response to Emotet Attacks

Jennifer Noto | News

Emotet is a malware family currently causing widespread infections. It is known for its worm-like behavior, which lets it propagate rapidly and stealthily across a network with a very low detection rate. Worse, it is difficult to remediate without completely re-imaging an infected machine. Emotet is also a known “dropper”: once it is successfully installed, it typically installs additional malware that harvests Outlook email addresses and other stored credentials, which are then used to conduct further malicious activity.

Emotet typically infects machines through phishing emails whose links users click.

Emotet has caused upwards of $1 million in damages to other organizations. In February 2018, the city of Allentown, PA was hit by an Emotet infection that threatened to take down all of its city systems. The effects of Emotet are crippling. Once the malware has infected the network, it must be contained, and then the entire network must be cleaned, which leads to additional, often unforeseen, costs. Attacks like these are a primary reason businesses should consider investing in stronger security controls, penetration testing, and cyber-liability insurance.

In the past month, Carolinas IT has helped two organizations contain, eradicate, and recover from Emotet infections. These were all-hands-on-deck situations that required multiple departments working together to ensure the incident was handled correctly. Our team jumped in quickly to contain the malware and re-engineer the entire network. A process like this can take days and cost an organization thousands of dollars in downtime.

Because Carolinas IT works with partners like Huntress Labs and InfusionPoints, we were able to significantly reduce the time to containment. Huntress is a breach detection service that identifies when a compromise has occurred. InfusionPoints provides a SIEM-SOC solution. A Security Information and Event Management (SIEM) solution provides a proactive approach to event monitoring, with real-time alerts, trend analysis, and threat intelligence. A Security Operations Center (SOC) is a specialized team of cybersecurity professionals, working from a secure facility, who monitor and analyze an organization’s security posture and defend its IT environment on an ongoing basis. As a result, our clients experienced minimal downtime, at a fraction of the cost most organizations incur getting back online.

Tools like Huntress and InfusionPoints are essential parts of a layered defense strategy. Deploying these solutions in advance can save your organization thousands of dollars in damages and remediation and reduce downtime. The up-front cost pays for itself in the long run.

For more information about our security solutions for your business, contact us today.
