Emotet made up nearly three-quarters of “precursor” malware detected by Lumu in 2021, the startup said in its 2022 Ransomware Flashcard. Phorpiex was the second most detected precusor malware in 2021, at 13%, Lumu said.
Threat actors rely on precursor malware to spread laterally through the network and escalate access before deploying the ransomware payload. A ransomware attack chain consists of initial access, which could be phishing, a vulnerability exploit, or malware; precursor malware such as Emotet, Dridex, and Trickbot; and the actual ransomware to encrypt the data and make it inaccessible.
