The Quantum and BlackCat ransomware gangs are now using the Emotet botnet to deploy their payloads. Emotet was first deployed as a banking trojan in 2014, and has since evolved into a network of compromised computers.
The Emotet botnet is now being used to install a Cobalt Strike beacon on infected systems as a second-stage payload, allowing attackers to move laterally and deploy ransomware payloads across the victim's network. Emotet (just like Qbot and IcedID) has also switched from Microsoft Office macros to Windows shortcut files (.LNK) as its attack vector for infecting devices.
Emotet has been inflicting quite a lot of damage since the start of the year. More than 1.2 million infected systems have been tracked worldwide, with a peak in activity between February and March.
The Advanced Email Security pack for Acronis Cyber Protect Cloud detects emails with malicious attachments or malicious URLs and filters them automatically, preventing these threats from ever reaching users' inboxes.
About Acronis
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 2,000 employees in 45 locations. The Acronis Cyber Protect solution is available in 26 languages in over 150 countries and is used by 18,000 service providers to protect over 750,000 businesses.