Skip to main content

Widespread exploitation of vulnerable systems via Emotet malware

The ACSC is investigating a widespread malware campaign known as Emotet. Emotet is a Trojan virus delivered via emails sent with malicious attachments.

Cyber criminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge.

Email users should always exercise caution before opening emails and attachments.

Information on how to protect yourself and your organisation from this virus is available here.

To report a cyber security incident, visit

How does it work?

Trojan viruses like Emotet appear as normal files, but include hidden information allowing cyber criminals access to and control devices or systems.

Emotet malware is spread when unsuspecting email users click on links or open files containing malicious code.

This campaign uses targeted and untargeted ‘phishing’ emails to spread the virus.

The same advice to protect yourself against malware applies to ransomware.

Do not pay the ransom if affected by ransomware. There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks. Restore your files from backup and seek technical advice.

What should I do if I’m targeted?

Protect your systems

The threat is real but there is something you can do about it.

The ACSC’s technical advice for organisations affected by this campaign is available here.

To prevent malware infection, the ACSC recommends Australian critical infrastructure, business and government organisations take the following steps immediately:

  • block macros
  • alert staff to the virus and what to look for
  • maintain firewalls
  • scan your network
  • develop an incident response plan
  • maintain offline backups
  • implement complementary security controls.

If you have any questions regarding this guidance you can contact us via 1300 CYBER1 (1300 292 371) or

Reporting a cyber security incident: individuals

Individuals can report a cyber security incident to the ACSC via ReportCyber.