ACSC warns of widespread exploitation of vulnerable systems via Emotet malware

Australian Cyber Security Centre

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), with its state and territory partners, is responding to a widespread malware campaign known as Emotet.

Emotet is a Trojan virus delivered via emails sent with malicious attachments.

Head of the ACSC, Rachel Noble said,”Due to the scale of the campaign, and the risk of economic impact, the National Cyber Security Committee (NCSC) has activated the national Cyber Incident Management Arrangements (CIMA) to Level 3 – Alert”.

The CIMA provides the foundation for coordinating the Government’s response to national cyber incidents.

“The ACSC is working closely with state and territory governments to limit the spread of this computer virus and to provide technical advice and assistance and to support organisations that are affected”.

“Cyber criminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge”.

Emotet malware is spread when unsuspecting email users click on links or open files containing malicious code. Trojan viruses like Emotet appear as normal files, but include hidden information allowing cyber criminals access to and control of devices or systems. Email users should always exercise caution before opening emails and attachments.

This campaign uses targeted and untargeted ‘phishing’ emails to spread the virus.

The same advice to protect yourself against malware applies to ransomware.

“If Emotet infects your computer, it will open up a backdoor that will allow the cybercriminal to inject ransomware that could freeze your network”, Ms Noble said.

The threat is real but there is something you can do about it.

Information on how to protect yourself and your organisation from this virus is available at

Do not pay the ransom if affected by ransomware. There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.

The ACSC’s technical advice for organisations affected by this campaign is available here.

To prevent malwareinfection, the ACSC recommends Australian critical infrastructure, business and government organisations take the following steps immediately:

  • block macros
  • alert staff to the virus and what to look for
  • maintain firewalls
  • scan your network
  • develop an incident response plan
  • maintain offline backups
  • implement complementary security controls.

/Public Release.