Alert status HIGH Emotet provides an attacker with a foothold in a network from which additional attacks can be performed, often leading to further compromise through the deployment of ransomware. How it works The Emotet malware appears as a normal or useful file attachment in emails (.doc, .docx, .pdf), but includes hidden code which allows cybercriminals to access and control your devices or computer systems. It can also appear as a website hyperlink in emails. Emotet malware infects devices or computers if users click on links or open files in these emails, which are sent as phishing emails to make them look like they come from someone you know, or an organisation you deal with. Once a user account is infected, the malware forwards itself to all the users’ email contacts, increasing the likelihood of further infection.