Bad actors are using Emotet Botnet to distribute Quantum and BlackCat ransomware after the official retirement of Conti Ransomware this year.
The Emotet botnet, a banking trojan, has been around since 2014. It has evolved into a highly dynamic threat capable of downloading other payloads onto the victim’s machine, enabling the bad actors to take control remotely.
Law enforcement took down the infrastructure linked to the notorious malware loader in 2021, but Conti ransomware made a comeback later that year.
AdvIntel, in an advisory published last week, said, “From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is currently attributed to Quantum and BlackCat.”
Attackers use a typical sequence to drop Emotet and Cobalt Strike on compromised machines, then use Cobalt Strike as a post-exploitation tool. Several members of the Conti ransomware gang are still active in other groups or as independent criminals. The Quantum group also resorts to BazaCall, more commonly known as callback phishing, as a tactic to gain access to targeted networks.
Recorded Future reported last month, “Conti affiliates use a variety of initial access vectors including phishing, compromised credentials, malware distribution, and exploiting vulnerabilities.”
There have been over 1,267,000 Emotet infections, with infection numbers peaking in February and March, coinciding with Russia’s invasion of Ukraine.
In June and July there was a second surge in infections. The most targeted countries are the U.S., followed by Finland, Brazil, the Netherlands, and France.
Israeli cybersecurity company Check Point has reported that Emotet was no longer the dominant malware in August 2022, ranking behind FormBook, Agent Tesla, XMRig and GuLoa..