Acronis Cyber Protect
formerly Acronis Cyber Backup

The Quantum and BlackCat ransomware gangs are now using the Emotet botnet to deploy their payloads. Emotet was first deployed as a banking trojan in 2014, and has since evolved into a network of compromised computers.

The Emotet botnet is now being used to install a Cobalt Strike beacon on infected systems as a second-stage payload, allowing attackers to move laterally and deploy ransomware payloads across the victim's network. Emotet (just like Qbot and IcedID) has also switched to Windows shortcut files (.LNK) from using Microsoft Office macros as an attack vector to infect devices.

Emotet has been inflicting quite a lot of damage since the start of the year. It has tracked more than 1.2 million infected systems worldwide, with a peak in activity between February and March.

The Advanced Email Security pack for Acronis Cyber Protect Cloud detects emails with malicious attachments or malicious URLs and filters them automatically, preventing these threats from ever reaching users' inboxes. 

About Acronis

Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.

More from Acronis