Emotet continues to evolve, abuse trust

Some former guests of the historic Hotel Warner, which first opened in 1930, have become victims of a malicious email campaign that is spoofing the hotel's email addresses and domain name in order to spread Emotet malware.

The emails contain a ZIP file that itself contains a Windows LNK file with obfuscated PowerShell commands that download and install Emotet on the victim's system.
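As an added illustration (not part of the original article), a mail filter can flag the ZIP-wrapped shortcut described above by checking each archive member for the `.lnk` extension or the Shell Link header defined in MS-SHLLINK. The member names and sample archive below are constructed for the example.

```python
import io
import zipfile

# MS-SHLLINK header: HeaderSize 0x0000004C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_HEADER = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")
MAX_MEMBERS = 1000  # cap work on oversized archives


def find_lnk_members(zip_bytes):
    """Return names of ZIP members that are Windows shortcuts (by name or header)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return []
    hits = []
    with archive:
        for info in archive.infolist()[:MAX_MEMBERS]:
            if info.is_dir():
                continue
            head = b""
            try:
                with archive.open(info) as member:
                    head = member.read(len(LNK_HEADER))
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                pass  # encrypted or unsupported member: fall back to the name
            if info.filename.lower().endswith(".lnk") or head == LNK_HEADER:
                hits.append(info.filename)
    return hits


def build_sample(members):
    """Build a ZIP in memory from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({
        "reservation.lnk": LNK_HEADER + b"\x00" * 56,  # constructed, header only
        "notes.dat": LNK_HEADER + b"\x00" * 56,        # shortcut under a misleading name
        "readme.txt": b"plain text",
    })
    print(find_lnk_members(sample))
```

Checking the header as well as the extension catches a shortcut whose member name has been changed, and the exception path keeps password-protected members from silently passing when their name alone gives them away.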

Since late April, Emotet has been observed using 64-bit modules, moving away from modules that will run on older 32-bit operating systems. It has also been using a new custom loader that requires specific input values, which makes analysis more difficult.

The Advanced Email Security pack for Acronis Cyber Protect Cloud scans every incoming email and blocks malicious messages from reaching users' inboxes in the first place.