Emotet – A Tale of Two Cities: How One Municipality Neutralized the Threat Quickly

Emotet has crippled Allentown, PA, and is expected to cost an estimated $1 million to repair the damage and remove the malware from all of the city's systems. A second, unnamed city was infected by Emotet in the same period, with a very different outcome.

In February 2018, Emotet infected Allentown, PA's computer systems, and the cleanup (repairing the damage and removing the malware from every system) has cost over $1 million.

During a similar timeframe, the same malware wormed its way into an unnamed city's network, poised to do similar or worse damage. That city remains unnamed because Emotet was stopped cold in its tracks within an hour of SIEMphonic Essentials being installed.

A little background on Emotet. It has been around since 2014, started life as a banking trojan, and keeps evolving to evade detection. Once it has a foothold it harvests address-book data from infected machines (which feeds its next wave of convincing phishing mail), brute-forces passwords for network shares and accounts to spread laterally, and the resulting storm of failed logons can lock accounts out and amount to a denial of service on connected systems.

Unfortunately, because Emotet changes constantly, most solutions are inefficient and ineffective at locating it and stopping its spread, and the expense can be overwhelming. The three types of vendor you would traditionally look to for this kind of protection, and the reasons they are not a good fit, are:

  • Traditional big players mainly rely on blacklists (known-bad signatures) and are therefore ineffective against malware that changes as often as Emotet does
  • Newer big players that rely on whitelisting generally force a complete lockdown, which is impractical for most businesses because it leads to lost production; the talent it takes to manage their systems adds further expense
  • Behavior-based vendors are often difficult to deploy and leave users with false-positive fatigue

So what is the key to stopping these threats? 24/7 alert monitoring gives you the "smart eyeball" on your systems that catches these threats before they spread too far.
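To make "alert monitoring" concrete, here is the kind of rule a SIEM would run to catch the Emotet behaviour described above: one infected host trying a password list against many domain accounts, which shows up as a burst of failed logons (Windows Event ID 4625) from a single source, followed by account lockouts (Event ID 4740). This is an added example written for this page; it is not code from the original post or from EventTracker/SIEMphonic. The flat "timestamp key=value" line format, the use of CallerComputerName as the lockout source field, the sample hosts, accounts and timestamps, and the thresholds (10 failures against 5 or more accounts within 5 minutes) are all assumptions made for illustration; the other field names (TargetUserName, WorkstationName, IpAddress) are taken from the real 4625 event schema.

```python
"""Password-spray / brute-force detection over Windows logon events.

Added example, not part of the original post and not EventTracker/SIEMphonic
code. Sample log lines are constructed; the line format, the
CallerComputerName field and the thresholds are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# --- Constructed sample log (not real data) --------------------------------
# Benign noise: one user mistypes their password three times over 20 minutes.
SAMPLE_LINES = [
    "2018-02-13T08:00:10 EventID=4625 TargetUserName=pwalker WorkstationName=WS-HR-02 IpAddress=10.10.7.41",
    "2018-02-13T08:09:30 EventID=4625 TargetUserName=pwalker WorkstationName=WS-HR-02 IpAddress=10.10.7.41",
    "2018-02-13T08:19:55 EventID=4625 TargetUserName=pwalker WorkstationName=WS-HR-02 IpAddress=10.10.7.41",
]
# Malicious burst: WS-FIN-07 walks a password list across seven accounts in
# under two minutes (14 failures), after which three accounts lock out.
_accounts = ["jsmith", "mjones", "rlee", "admin", "backup", "svc_sql", "tbrown"]
_t0 = datetime(2018, 2, 13, 8, 30, 0)
for _i in range(14):
    _ts = (_t0 + timedelta(seconds=7 * _i)).isoformat()
    SAMPLE_LINES.append(
        f"{_ts} EventID=4625 TargetUserName={_accounts[_i % 7]} "
        "WorkstationName=WS-FIN-07 IpAddress=10.10.5.23"
    )
for _i, _acct in enumerate(["admin", "backup", "svc_sql"]):
    _ts = (_t0 + timedelta(seconds=100 + 5 * _i)).isoformat()
    SAMPLE_LINES.append(
        f"{_ts} EventID=4740 TargetUserName={_acct} CallerComputerName=WS-FIN-07"
    )


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict; None if malformed."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ev = {"ts": datetime.fromisoformat(parts[0])}
    except ValueError:
        return None
    for tok in parts[1:]:
        key, sep, val = tok.partition("=")
        if sep:
            ev[key] = val
    return ev


def detect_spray(lines, window=timedelta(minutes=5), min_failures=10, min_accounts=5):
    """Flag each source host that produced >= min_failures failed logons against
    >= min_accounts distinct accounts inside a sliding time window.

    A single user fat-fingering one account never trips this; a host walking a
    password list across the domain does. Lockouts (4740) raised by the same
    host are attached to the alert as corroborating evidence.
    """
    events = [e for e in map(parse_event, lines) if e]
    events.sort(key=lambda e: e["ts"])
    failures = defaultdict(list)   # source host -> [(ts, account), ...]
    lockouts = defaultdict(set)    # source host -> {locked-out accounts}
    for ev in events:
        if ev.get("EventID") == "4625":
            src = ev.get("WorkstationName") or ev.get("IpAddress", "unknown")
            failures[src].append((ev["ts"], ev.get("TargetUserName", "?")))
        elif ev.get("EventID") == "4740":
            lockouts[ev.get("CallerComputerName", "unknown")].add(ev.get("TargetUserName", "?"))

    alerts = []
    for src, attempts in failures.items():
        best = None
        j = 0
        for i in range(len(attempts)):
            # Advance the window end so attempts[i:j] all fall within `window`.
            while j < len(attempts) and attempts[j][0] - attempts[i][0] <= window:
                j += 1
            chunk = attempts[i:j]
            accounts = {acct for _, acct in chunk}
            if len(chunk) >= min_failures and len(accounts) >= min_accounts:
                if best is None or len(chunk) > best["failures"]:
                    best = {
                        "source": src,
                        "failures": len(chunk),
                        "accounts": sorted(accounts),
                        "first_seen": chunk[0][0],
                        "last_seen": chunk[-1][0],
                        "locked_out": sorted(lockouts.get(src, ())),
                    }
        if best:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for a in detect_spray(SAMPLE_LINES):
        print(f"ALERT {a['source']}: {a['failures']} failed logons against "
              f"{len(a['accounts'])} accounts between {a['first_seen']} and "
              f"{a['last_seen']}; locked out: {a['locked_out']}")
```

Run against the constructed sample, the rule fires once, for WS-FIN-07, and stays quiet for the user on WS-HR-02. The point of counting distinct accounts as well as raw failures is what separates a dictionary attack from ordinary helpdesk noise, and attaching the 4740 lockouts to the same alert is what lets an analyst see in one line both the source to isolate and the accounts that need resetting.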

In the webcast above, CARVIR and EventTracker describe how suspicious activity was noticed on the very day of installation and the threat was neutralized within 24 hours. Within the week the threat was eradicated and the recovery process was under way, without spending $1 million.

Consistent, persistent threats are not going away, and it takes a team to protect and defend against the armies of threat actors coming after your business. Viruses and malware don't take nights and weekends off, and neither should the eyes watching your systems. That is why a SOC is so important to your company's safety.

In the webcast above, you'll hear a real story of infection, detection, response and eradication, see a timeline of what happened, and learn just how quickly your business can be protected.

Concerned about the cost of implementing a SOC? Consider a co-managed service such as SIEMphonic.