Emotet Awakens and Evolves…Again

Created: Wednesday, October 31, 2018 - 17:05
Categories:
Cybersecurity

Emotet, the malware dropper that gained greater notoriety in recent weeks for its involvement in the Ryuk ransomware incident that affected Onslow Water and Sewer Authority (ONWASA), reported by WaterISAC here, has awakened from its brief respite. Starting yesterday (31 October 2018), researchers from cybersecurity firm Kryptos Logic observed that the group responsible for Emotet is not only active but has added an email exfiltration module to its current bag of tricks. It is not uncommon for malware to siphon email addresses, or for threat actors to gain access to and leverage current email threads. However, Emotet's new module crawls every email in every sub-folder of the interpersonal message (IPM) root folder of Microsoft Outlook clients, capturing and sending to the attacker the sender name and email address, recipient name and email address, subject, and body for the past 180 days of email history. Researchers are not yet sure of the goal of this mass-harvesting of message content, but the significant level of detail contained in these emails could likely be leveraged for highly targeted campaigns, including business email compromise (BEC), wire fraud, and/or ransomware attacks. Emotet continues to demonstrate its effectiveness and resilience; its activity is greatest in the US, where it has been notably active against state and local municipalities.

Source: ZDNet