August 14, 2019

New York School District Claims Victory Over Emotet Trojan with Malwarebytes


Leading Protection and Remediation Provider Fully Recovers School Environment in Under 20 Days

Santa Clara, CA – August 14, 2019 – Malwarebytes™, the leading advanced endpoint protection and remediation solution, today announced the successful recovery of the East Irondequoit Central School District from an Emotet outbreak, which at one point had infected over 1,400 of the school district’s endpoints.

The East Irondequoit Central School District, located in New York, first engaged Malwarebytes during a critical Emotet Trojan outbreak that a legacy endpoint security provider failed to stop. The Emotet Trojan ran rampant across the district’s endpoint environment, infecting 1,400 devices and impacting network operations across the district. Once on board, Malwarebytes was able to isolate, remediate and recover all infected endpoints in under 20 days, without completely disrupting the network for students or staff.

“Organizations from all industries and regions are turning to Malwarebytes when Emotet or other threats get past existing security solutions. Our unique ability to isolate the infected endpoints in the middle of an attack and remediate gives customers the ability to quickly recover and regain control of their systems,” said Marcin Kleczynski, CEO of Malwarebytes. “Malwarebytes was created to help companies fight against all types of threats. Working with this school district to protect its students and faculty shows the real-life implications of cyberattacks in our nation’s critical infrastructure.”

Malwarebytes Cloud Platform provided a command-central point for endpoint detection and response efforts, allowing the team to access the dashboard remotely and monitor progress. This allowed them to view the full scale of the outbreak and track containment efforts in real time. By isolating infected endpoints and limiting communication to the online dashboard, the team was able to protect machines throughout the remediation process, with minimal disruption to other IT processes.

“Malwarebytes made it possible to knock down the Emotet infection in 20 days without taking down our network,” said Joseph Sutorius, Chief Information Officer for the East Irondequoit Central School District. “Without Malwarebytes, our remediation would have taken significantly longer and would have required a network interruption during our busiest time of the school year.”

In a recent report, Malwarebytes Labs found that educational institutions and students are prime targets for cybercriminals, given school networks often lack strong protection due to limited budgets and resources. Key findings in this sector include:

  • In the first half of 2019, Emotet, Trickbot and Trace have been particularly active in Education, with the three representing nearly half of all Trojans detected (44 percent) and more than 11 percent of all compromises.
  • Trojans have accelerated their attacks among industries, up 132 percent in 2018.
  • Education was the top industry impacted by Trojans in 2018 and is accelerating in 2019.
    • Trojans represented almost 30 percent of all detections in institution-owned devices.
    • Among devices plugging into the network, Trojans represent the single largest threat category, even above generic Malware and Adware detections.
      • One in three (33 percent) of these compromised non-institution-owned devices carry Trojans, globally:
        • Germany – 34 percent
        • US – 26.8 percent
        • Australia – 21 percent
        • Singapore – 17 percent
        • UK – 5 percent
  • In 2018, Education was the top industry for Adware compromises, Trojan detections, and second on the list of verticals most commonly hit with ransomware.
  • This continues in the first half of 2019, with Adware, Trojans and Backdoors the three largest categories of threats identified among Education institutions’ devices.
    • Adware – 43 percent
    • Trojans – 25 percent
    • Backdoors – 3 percent

Additionally, data from educational institutions and .edu domains from March 2018 to March 2019 found:

  • Backdoors were identified as the second most prevalent threat.
  • There was a high spike in detection activity in July 2018 and September 2018 for Trojan infections from .edu emails overall.
  • Spyware infections to these domains spiked in August 2018, suggesting that summer is a prime time to hit students and educational institutions, while they are low on staff and perhaps less vigilant about security practices.
  • In summer, .edu email addresses are also most likely being used on a wide array of other networks as students travel home and beyond, putting them at increased risk of infecting devices that will be brought back onto campus networks in the fall.

Malwarebytes also recently launched a new initiative to help students get access to premium protection – and help fund technology education. Students with .edu email addresses can get four years of premium protection for just a $5.00 donation. Since launching in May, this program has raised more than $50,000 to advance technology education. To apply for this discount, visit:

To read more about Malwarebytes for education visit:, visit our blog, follow us on Twitter, or check us out on LinkedIn.

About Malwarebytes

Malwarebytes is trusted to protect people and businesses against the latest dangerous cyberthreats including malware, ransomware and exploits that traditional antivirus solutions fail to catch. Malwarebytes offers comprehensive defense and recovery technologies to safeguard devices whether at home or in the office, enabling users to protect themselves anywhere, anytime. Malwarebytes’ team of researchers and security experts protect more than 60,000 businesses and millions of people worldwide, combatting millions of threats daily using artificial intelligence and machine learning to identify behavior and catch new threats rapidly. Driven by a desire to protect everyone’s right to a malware-free existence, CEO Marcin Kleczynski founded Malwarebytes in 2008, and has grown the company to over 750 employees across the world today. The company is headquartered in California with offices in Europe and Asia. For more information, visit
