This week, the Emotet virus hit the computer systems of an entire city: Allentown, Pennsylvania. The Mayor, Ed Pawlowski, announced on Tuesday that the town had been forced to shut down some of its financial and public safety operations because of the virus.
Pawlowski updated the Allentown City Council with information on the Emotet virus, which he said had first attacked the city a week ago and has since been self-replicating, stealing city employees’ passwords and hacking into their accounts. The virus is threatening all the town’s systems that run Microsoft, including its surveillance camera network of 185 cameras around the city.
“The city is not operating some of its systems as a precaution. The situation is under control, but it is not yet mitigated. Until it is eradicated, it has the potential to infect all city systems,” Mike Moore, Allentown’s communications director, told WFMZ-TV, the network reported Tuesday.
Preventative measures have stopped Allentown’s finance department from finalizing external banking transactions and blocked its police department from accessing Pennsylvania State Police databases, the mayor said.
Microsoft representatives were hired by the city as an emergency measure and managed to contain the virus. Pawlowski said it would take up to $1M to cover the unanticipated costs, including a recovery phase aimed at repairing the damage the virus has done. He didn’t reveal many further details, saying they were not yet sure whether they were dealing with an internal virus or an external attack, and that “if it is a hacker, they can always modify their attack”. He and his IT director Matthew Leibert confirmed that law enforcement were involved in a criminal investigation.
Emotet has gone through various iterations in the four years since it was first detected, using keystroke recording and other methods to steal financial and private information from its targets. It is typically hidden in corrupted Microsoft Word documents, which are sent as email attachments disguised to look like other things, such as payment vouchers. Officials warned residents against opening emails with attachments that appear to come from the city, as that could spread Emotet to home users.
Experts say that because Emotet is “polymorphic”, meaning its code can change as it goes, it can evade virus protection and firewalls, allowing it to infect networks at a very rapid pace. “This particular virus actually is unlike any other virus. It has intelligence built into so it keeps adapting to our systems, thus evading any firewalls that we have up,” Mr. Pawlowski said.