Self-propagating malware can be a nightmare for organizations. These threats, which can take the form of ransomware, worms, and other malicious attacks, cripple access to essential files by exploiting weaknesses in systems and networks. Two significant cyber threats of the past few years were WannaCry and Emotet. While they pose similar risks to organizations, each is fundamentally different: one has been effectively identified and thwarted, while the other remains resilient.
WannaCry’s Wide-Scale Crippling Effect
WannaCry made many headlines in 2017 when the ransomware worm spread rapidly through computer networks around the globe. The ransomware exploited a Windows operating system vulnerability that has since been addressed. The patch – an update to the Windows implementation of the SMB protocol (which facilitates communication between nodes on a network) – was available before the launch of WannaCry. On vulnerable systems that had not been updated, the worm infiltrated and began encrypting all sorts of files, such as Microsoft Office files. Then, WannaCry displayed a ransom notice, demanding $300 in Bitcoin for a decryption key.
Since a patch exists that fixes the vulnerability, WannaCry’s threat is essentially over. Similar ransomware may pop up from time to time, but security experts have been able to identify a kill switch to shut down the threat. Emotet’s threat persists because it is markedly different from ransomware.
Emotet: Malicious Development Tool
Unlike WannaCry, Emotet is a constant work in progress. Technically, it is an advanced polymorphic trojan, a type of malware with malicious scripts that also incorporates social engineering techniques. It is usually spread by email: the message either contains a link that leads to a downloader document or carries the malicious document as an attachment.
Once the email attachment is opened, the latest version of Emotet moves itself to a directory and adds itself to the start-up folder. Emotet will then spread across your network, grabbing credentials and increasing exposure. It only takes one infected machine: Emotet evolves, and it keeps re-infecting to inflict maximum damage.
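The start-up folder persistence described above can be checked for directly. The following is an added example, not code from the original article or from any vendor: a small audit that lists start-up folder entries worth a second look. The extension set, the allowlist and the seven-day window are assumptions to tune per environment.

```python
import os
import time
from pathlib import Path

# Assumed, non-exhaustive set of file types that run code when launched at logon.
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".lnk"}


def default_startup_dirs(env=os.environ):
    """Per-user and all-users Startup folders on Windows."""
    tail = Path("Microsoft") / "Windows" / "Start Menu" / "Programs" / "Startup"
    roots = [env.get("APPDATA"), env.get("PROGRAMDATA")]
    return [Path(r) / tail for r in roots if r]


def audit_startup(dirs, allowlist=(), max_age_days=7, now=None):
    """Return (path, reasons) for start-up entries that deserve review.

    An entry is reported when it has a risky extension or was modified within
    max_age_days. Names in the allowlist (case-insensitive) are skipped.
    """
    now = time.time() if now is None else now
    allowed = {name.lower() for name in allowlist}
    findings = []
    for folder in dirs:
        folder = Path(folder)
        if not folder.is_dir():
            continue  # folder absent, e.g. non-Windows host or missing profile
        for entry in sorted(folder.iterdir()):
            if not entry.is_file() or entry.name.lower() in allowed:
                continue
            reasons = []
            if entry.suffix.lower() in RISKY_EXTENSIONS:
                reasons.append("executable-type")
            age_days = (now - entry.stat().st_mtime) / 86400
            if age_days <= max_age_days:
                reasons.append("recently-modified")
            if reasons:
                findings.append((str(entry), reasons))
    return findings


if __name__ == "__main__":
    # desktop.ini is a normal Windows metadata file in these folders.
    for path, reasons in audit_startup(default_startup_dirs(), allowlist=["desktop.ini"]):
        print(f"{path}: {', '.join(reasons)}")
```

A finding is a prompt for review, not a verdict: legitimate software also places shortcuts here, which is what the allowlist is for.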
WannaCry has been defanged, but how are organizations supposed to handle an evolving threat like Emotet? The answer is security awareness training and advanced detection.
Security Awareness Training and Advanced Detection
Sophos is an organization’s best defense against the type of threat that Emotet poses. Sophos Sandstorm is a powerful cloud-based sandbox that detects, blocks, and reports on threats. Because it is a sandbox, threats such as Emotet are contained and thoroughly tested for security, resulting in zero-touch threat isolation. Deep learning means your threat monitoring evolves just as Emotet does, so your organization is prepared for the future.
Are you looking for expert guidance for your organization's security awareness training? Contact UTG today and learn how your organization can protect against today's ever-evolving threats.