26 September 2022  —  Eric Swotinsky
Incident reports

Emotet botnet used to deliver Quantum, BlackCat ransomware

The Quantum and BlackCat ransomware gangs are now using the Emotet botnet to deploy their payloads. Emotet was first deployed as a banking trojan in 2014, and has since evolved into a network of compromised computers.

The Emotet botnet is now being used to install a Cobalt Strike beacon on infected systems as a second-stage payload, allowing attackers to move laterally and deploy ransomware payloads across the victim's network. Emotet (just like Qbot and IcedID) has also switched to Windows shortcut files (.LNK) from using Microsoft Office macros as an attack vector to infect devices.

Emotet has been inflicting quite a lot of damage since the start of the year. It has tracked more than 1.2 million infected systems worldwide, with a peak in activity between February and March.

The Advanced Email Security pack for Acronis Cyber Protect Cloud detects emails with malicious attachments or malicious URLs and filters them automatically, preventing these threats from ever reaching users' inboxes.