Cyber Security

Emotet Botnet Began Distributing Quantum and BlackCat Ransomware

Written by admin

Emotet Botnet

The Emotet malware is now being leveraged by ransomware-as-a-service (RaaS) teams, together with Quantum and BlackCat, after Conti’s official retirement from the risk panorama this 12 months.

Emotet began off as a banking trojan in 2014, however updates added to it over time have reworked the malware right into a extremely potent risk that is able to downloading different payloads onto the sufferer’s machine, which might permit the attacker to manage it remotely.

Though the infrastructure related to the invasive malware loader was taken down as a part of a regulation enforcement effort in January 2021, the Conti ransomware cartel is claimed to have performed an instrumental function in its comeback late final 12 months.


“From November 2021 to Conti’s dissolution in June 2022, Emotet was an unique Conti ransomware software, nevertheless, the Emotet an infection chain is at the moment attributed to Quantum and BlackCat,” AdvIntel mentioned in an advisory printed final week.

Typical assault sequences entail using Emotet (aka SpmTools) as an preliminary entry vector to drop Cobalt Strike, which then is used as a post-exploitation software for ransomware operations.

The infamous Conti ransomware gang could have dissolved, however a number of of its members stay as lively as ever both as a part of different ransomware crews like BlackCat and Hive or as impartial teams targeted on knowledge extortion and different legal endeavors.

Emotet Botnet

Quantum can be a Conti spin-off group that, within the intervening months, has resorted to the strategy of call-back phishing – dubbed BazaCall or BazarCall – as a way to breach focused networks.

“Conti associates use a wide range of preliminary entry vectors together with phishing, compromised credentials, malware distribution, and exploiting vulnerabilities,” Recorded Future famous in a report printed final month.

AdvIntel mentioned it noticed over 1,267,000 Emotet infections internationally for the reason that begin of the 12 months, with exercise peaks registered in February and March coinciding with Russia’s invasion of Ukraine.


A second surge in infections occurred between June and July, owing to the use by ransomware teams comparable to Quantum and BlackCat. Information captured by the cybersecurity agency exhibits that essentially the most Emotet-targeted nation is the U.S., adopted by Finland, Brazil, the Netherlands, and France.

ESET beforehand reported a 100-fold leap in Emotet detections in the course of the first 4 months of 2022 compared to the previous 4 months from September to December 2021.

In accordance with Israeli cybersecurity firm Examine Level, Emotet dropped from first to fifth place within the checklist of most prevalent malware for August 2022, coming behind FormBook, Agent Tesla, XMRig, and GuLoader.

About the author


Leave a Comment