As you may already know, the infamous Emotet is back, delivered through TrickBot infections. There have been some recent developments, however, that are quite threatening.
Emotet's operators had increased the number of C2 servers from eight to fourteen by the end of Tuesday. In addition, researchers who analyzed Emotet's code confirmed that the malware, along with its infrastructure, has been upgraded for more secure and robust operation. They further noted that the current Emotet operator(s) evidently have access to the source code of the original malware that was taken down by law enforcement. Cryptolaemus researchers have also observed a new development in delivery: URL-based lures are now being used alongside the conventional propagation method of .zip attachments and macro-enabled Word documents (.docm).
Research by AdvIntel indicates that the resurrection of Emotet will bring the largest shift in the 2021 threat ecosystem, for the following reasons:
Emotet’s unparalleled loader capabilities.
These capabilities align with the demands of the current cybercrime market.
The cumulative effect of the above points takes the form of the TrickBot-Emotet-Conti triad.
The resurgence of Emotet is the direct result of the Conti gang convincing its operators to bring the malware back. When Emotet was taken down, top-tier ransomware gangs such as Conti and DoppelPaymer were left without a viable source of high-quality initial access. Conti, which counts at least one former member of Ryuk (Conti's predecessor) among its ranks and works in partnership with TrickBot (Emotet's biggest client), urged the Emotet operators to return. AdvIntel researchers are confident that, once the botnet has regrown, Conti will use Emotet to deliver its payloads to high-value targets and cement its position as a dominant name in the ransomware landscape.
It is no coincidence that Emotet has returned to the cybercrime ecosystem, and its return will cause major transformations. As the ransomware world becomes increasingly monopolistic, better opportunities are arising for botnet developers such as those behind Emotet. Moreover, the alliance between TrickBot, Emotet, and Conti is expected to become a model that other cybercriminals follow.