November 19, 2021 — Eric Swotinsky
Incident reports

Emotet reappears on the back of TrickBot

The notorious Emotet botnet has returned, a mere 10 months after it was taken down by a joint law enforcement operation. Emotet was one of the most active botnets in recent years, and will likely retake its former place as a top cyberthreat.

Emotet has typically been spread via malicious email attachments. It would then retrieve additional malware payloads, often ransomware. The new wave of Emotet is using the TrickBot trojan to install a new DLL that looks like Emotet, which could indicate that TrickBot is being used to rebuild the illicit network of Emotet-infected systems.

The updates to Emotet's code do not conclusively indicate whether the malware's controllers are a new group or were involved with the previous botnet. At this time, there are no reports of malicious emails being sent out by the new botnet, but it's only a matter of time before these start to appear.

Acronis Advanced Email Security blocks malicious emails, such as the ones from Emotet, before they reach users' inboxes. Even without these optional advanced features, any malware that does reach protected systems is automatically blocked by the AI-powered and behavioral detection engines in Acronis Cyber Protect.