Qbot Malware Infects Healthcare Organizations in 30 minutes

Virsec prevents Qbot infection 
in milliseconds

• DFIR released an analysis noting that Qbot can compromise data within 30 minutes of initial infection.
• Qbot has been used aggressively to target the U.S. healthcare sector.
• Qbot is often used in multi-stage attacks, and to drop ransomware.

Virsec stops Qbot at the very first stage of 
the attack by:

1. Detecting the DLL Qbot is trying to inject onto the system and recognizing that is not a known file does not have good provenance. 
2. A Positive Model ACP Policy in Virsec would deny Powershell execution