Emotet botnet comeback orchestrated by Conti ransomware gang
The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang.
Considered the most widely distributed malware, Emotet acted as a malware loader that provided other malware operators initial access to infected systems that were assessed as valuable.
The botnet operators provided initial access at an industrial scale, so many malware operations depended on Emotet for their attacks, especially those in the so-called Emotet-TrickBot-Ryuk triad. AdvIntel researchers say that once Emotet disappeared from the scene, top-tier cybercriminal groups, like Conti and DoppelPaymer, were left without a viable option for high-quality initial access.
"This discrepancy between supply and demand makes Emotet's resurgence important. As this botnet returns, it can majorly impact the entire security environment by matching the ransomware groups' fundamental gap" - AdvIntel.
The Conti group, with at least one former Ryuk member on board and in partnership with Emotet's biggest client, TrickBot, was in the best position to ask Emotet operators for a comeback.
AdvIntel researchers are confident that the Conti group will deliver their payload to high-value targets via Emotet once the botnet grows, and that the group will become a dominant player on the ransomware scene.