Emotet banking malware infects entire email system of Quincy City Hall

• Quincy City Hall was infected with Emotet banking trojan, as a result of which the entire email system was hacked.
• The attack shut down the city hall’s entire computing system for 5 days.

A cyberattack leveraging the Emotet banking trojan hit the Quincy City Hall. The attack led to the entire email system having been hacked.

Emotet is a well-known banking malware used by cybercriminals to steal financial information such as bank login details, cryptocurrency wallets, and more. Emotet can also exfiltrate other sensitive information such as login credentials, personally identifiable information (PII), proprietary data, and more. This malware can also be used as a transport conduit, to download other banking trojans.

What happened

According to Patriot Ledger, Chris Walker, a spokesperson for the mayor’s office, confirmed that Quincy city’s email accounts were hacked and used for an online phishing campaign.

• Quincy city residents were advised by Walker to be cautious while opening any unsolicited emails from @quincyma.gov addresses, as these type of emails might contain malware droppers ready to download and execute Emotet payloads.
• The city residents were advised not to open the attachments or emails.
• People were also advised to delete the phishing email from their inboxes.

The entire computing system was shut for 5 days

"Between Wednesday, November 21, 2018 and Sunday, November 25, 2018 the information technology department shut down all city servers and computers to clear out the virus. Emails and the city website were down for the holiday weekend,” Walker said.

During those five days, the Quincy City Hall's IT department cleaned every server and system on the network, making sure that the Emotet banking trojan was removed.

“Members of our IT department physically went building to building to make sure everything was cleaned up in those five days. It should be wrapping up now,” Walker added.

Although the Emotet banking trojan was removed from the City Hall's computing systems, the phishing campaign might still be active with some emails reaching the city people.

“It is possible that there is a lag time in killing the virus and that a few emails could still be going out, but the problem has been solved,” Walker said.