In 2018, Allentown's city government was breached by Emotet, or possibly a newer variant of the Emotet malware with added functionality that makes it more dangerous and harder to detect and remove. Variants of this malware have been a known threat globally since at least 2014, and its operators have kept evolving it to evade detection and mitigation since then. This case study reviews the impacts of, and mitigation strategies for, such incidents, which can affect major parts of a city's critical operations.
Emotet is typically delivered through Microsoft Word email attachments carrying malicious macros (VBA scripts) that download and install the malware on the recipient's computer; once installed, it looks for reachable network devices and shared folders to spread to. Emotet originally functioned as a banking trojan that steals financial information, and it propagates by copying itself into the shared folders and drives of connected computers on the network. Later variants also harvest address-book (contact) data, brute-force and steal network passwords, and perform denial of service (DoS) attacks on connected systems. In Allentown it infected critical systems across nearly all city departments and forced the city to shut down a large portion of its information systems for an extended period, disrupting operations ranging from tax collection to traffic cameras.
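Because the initial foothold in this kind of incident is a macro-bearing Word attachment, the first control a mail gateway or incident responder wants is a check that decides by file content, not by extension, whether an attachment carries a VBA project. The script below is an added example written for this page; it is not code from the Allentown case or from any vendor product. It relies on two documented format facts: an OOXML document (.docx/.docm) is a ZIP container in which a VBA project is stored as `word/vbaProject.bin` and declared with the `macroEnabled` content type, and a legacy OLE2 .doc stores its directory-entry names in UTF-16LE, so the Word VBA storage name `Macros` can be found by a raw scan. The sample attachments, the `triage` policy and the `quarantine`/`allow` verdict names are constructed assumptions for the example.

```python
import io
import zipfile

# Added example: content-based triage of mail attachments for embedded VBA projects.

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # OLE2 compound file (legacy .doc)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm) is a ZIP container
OLE_MACRO_STORAGE = "Macros".encode("utf-16-le")  # Word keeps the VBA project under this storage name
OOXML_MACRO_PART = "word/vbaProject.bin"
OOXML_MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"


def classify_attachment(data: bytes) -> dict:
    """Decide by content, not by file extension, whether a Word file carries a VBA project."""
    if data.startswith(OLE_MAGIC):
        # OLE directory-entry names are UTF-16LE, so a raw scan for the storage name is a
        # cheap (heuristic) macro indicator for legacy .doc files.
        return {"container": "ole2", "has_macros": OLE_MACRO_STORAGE in data}
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
                types_xml = (zf.read("[Content_Types].xml").decode("utf-8", "replace")
                             if "[Content_Types].xml" in names else "")
        except zipfile.BadZipFile:
            return {"container": "unknown", "has_macros": False}
        has_macros = OOXML_MACRO_PART in names or OOXML_MACRO_CT in types_xml
        return {"container": "ooxml", "has_macros": has_macros}
    return {"container": "unknown", "has_macros": False}


def triage(attachments: dict) -> list:
    """Return (filename, verdict, reason) per attachment; macro-bearing Office files are quarantined.
    The verdict names are an assumption of this example, not a product's policy."""
    results = []
    for name, data in attachments.items():
        info = classify_attachment(data)
        if info["has_macros"]:
            reason = "VBA project present"
            if name.lower().endswith(".docx"):
                reason += " despite .docx extension"   # extension does not match content
            results.append((name, "quarantine", reason))
        else:
            results.append((name, "allow", f"{info['container']}, no macros"))
    return results


def _ooxml(entries: dict) -> bytes:
    """Build a minimal OOXML-style ZIP in memory (constructed test fixture, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part, body in entries.items():
            zf.writestr(part, body)
    return buf.getvalue()


# Constructed sample attachments (no real malware): a macro-enabled .docm, a plain .docx,
# a macro-bearing legacy .doc skeleton, a macro file renamed to .docx, and a text file.
SAMPLES = {
    "invoice.docm": _ooxml({
        "[Content_Types].xml": f'<Types><Override PartName="/word/document.xml" ContentType="{OOXML_MACRO_CT}"/></Types>',
        "word/document.xml": "<w:document/>",
        OOXML_MACRO_PART: b"\x00" * 64,
    }),
    "report.docx": _ooxml({
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" '
                               'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>',
        "word/document.xml": "<w:document/>",
    }),
    "statement.doc": (OLE_MAGIC + b"\x00" * 504 + "Root Entry".encode("utf-16-le")
                      + b"\x00" * 108 + OLE_MACRO_STORAGE + b"\x00" * 116),
    "renamed.docx": _ooxml({"word/document.xml": "<w:document/>", OOXML_MACRO_PART: b"\x00" * 64}),
    "memo.txt": b"Quarterly numbers attached.\n",
}

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(*row, sep="\t")
```

The point of `renamed.docx` is that the verdict comes from the ZIP contents, so renaming a macro file does not get it past the check. The OLE scan is a heuristic: it catches the standard Word layout but says nothing about macros hidden by other means, so in production it belongs alongside a full OLE parser and sandbox detonation rather than in place of them.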
File Checksum (SHA256): ba9340c96cae2b57c98cbf3d31c80cd9aab21a9970dbdbf97d61125bf0ae2ae6