Emotet botnet now pushes Quantum and BlackCat ransomware
2022-09-17 15:17

While monitoring the Emotet botnet's current activity, security researchers found that the Quantum and BlackCat ransomware gangs are now using the malware to deploy their payloads.

"The Emotet botnet has fueled major cybercriminal groups as an initial attack vector, or precursor, for numerous ongoing attacks," security researchers at intelligence company AdvIntel said.

"From November 2021 to Conti's dissolution in June 2022, Emotet was an exclusive Conti ransomware tool; the Emotet infection chain is currently attributed to Quantum and BlackCat."

This matches Conti's attack flow that included Emotet after its revival, minus the initial access vector through the TrickBot botnet.

The Emotet malware was first deployed in attacks as a banking trojan in 2014 and has evolved into a botnet used by the TA542 threat group to steal data, perform reconnaissance, and move laterally throughout victims' networks, as well as to deliver second-stage malicious payloads.

Thankfully, Emotet campaigns are not very active, if at all, right now, with most malware phishing campaigns revolving around Qbot and IcedID. However, that could quickly change and lead to rapid deployment of ransomware attacks, so Emotet continues to be a malware defenders have to look out for.


News URL

https://www.bleepingcomputer.com/news/security/emotet-botnet-now-pushes-quantum-and-blackcat-ransomware/