Active exploitation of a vulnerability in Oracle WebLogic. officially named CVE-2019-2725, Malicious spam or phishing campaigns with links or attachments, Compromised or infiltrated managed service providers (MSPs) to push the ransomware en-masse.
Source: Bitdefender 2020
Emails Claiming they had Edward Snowden’s new book, Permanent Record, as a Word attachment were infected with Emotet...
Social Engineering - * Source Ponemon Institute 2019