The last 10 days have been really long for city officials in Allentown, PA.
Critical systems have been down.
Incident response experts have been called in.
And the city budget just took a major hit—with the meter still running.
It started when Allentown's IT department noticed a virus that turned out to be Emotet. And it got out of hand quickly, according to a report in the local news source, The Morning Call:
[Mayor Ed] Pawlowski said the city has an extensive system to prevent cyberattacks, but the virus has evaded the city’s antiviral software and firewalls.
"This particular virus actually is unlike any other virus. It has intelligence built into it so it keeps adapting to our systems, thus evading any firewalls that we have up," the Mayor told the paper.
The Emotet infection has been self-replicating: it harvests employee credentials and uses them to spread rapidly.
The Morning Call reports the city's police department is now unable to access a key state crime database and cannot complete external financial transactions.
One financial transaction the city will have to complete, however, is paying for incident response and the repair work to come.
The city said at a meeting last week that this will put the total cost near $1 million.
In researching how common it is for Emotet to self-replicate rapidly, we came across work by Fidelis Security researchers on this very topic. They've seen bad actors adding a spreader component to Emotet, something that headline-grabbing attacks have likely inspired.
"With the recent addition of spreading capabilities being added to ransomware it’s not at all surprising to see other malware families start to look into adding similar capabilities. It seems to be a common trend lately for malware developers to add in functionality based on what’s in the news which recently has been filled with all things wormable, which could mean this might be a continued trend for malware in the future."
And for Allentown, the future of the rapidly spreading malware is now.
So is the cost: $185,000 for incident response and nearly $800,000 to repair and restore systems in the weeks ahead.