Emotet Botnet Started Distributing Quantum and BlackCat Ransomware
2022-09-19 12:42

The Emotet malware is now being leveraged by ransomware-as-a-service groups, including Quantum and BlackCat, after Conti's official retirement from the threat landscape this year.

Emotet started off as a banking trojan in 2014, but updates added to it over time have transformed the malware into a highly potent threat that's capable of downloading other payloads onto the victim's machine, which would allow the attacker to control it remotely.

"From November 2021 to Conti's dissolution in June 2022, Emotet was an exclusive Conti ransomware tool [...] the Emotet infection chain is currently attributed to Quantum and BlackCat," AdvIntel said in an advisory published last week.

Typical attack sequences entail the use of Emotet as an initial access vector to drop Cobalt Strike, which is then used as a post-exploitation tool for ransomware operations.

The notorious Conti ransomware gang may have dissolved, but several of its members remain as active as ever, either as part of other ransomware crews like BlackCat and Hive or as independent groups focused on data extortion and other criminal endeavors.

A second surge in Emotet infections occurred between June and July, owing to its use by ransomware groups such as Quantum and BlackCat.


News URL

https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html