ClickCease Ransomware gangs breach organizations with Emotet botnet

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Quantum, BlackCat ransomware gangs breach organizations with Emotet botnet

Obanla Opeyemi

September 29, 2022 - TuxCare expert team

According to security researchers from AdvIntel, ransomware gangs such as Quantum and BlackCat are now using the Emotet malware in attacks.

Emotet started as a banking Trojan in 2014 and although it has developed over the years into a sophisticated botnet, it has been closely associated with the Conti ransomware gang.

The functionality of Emotet helps to avoid detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to other connected computers.

Emotet is a Trojan that is primarily distributed via spam e-mail and can trigger the infection either via malicious scripts, macro-enabled document files or malicious links.

“From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is currently attributed to Quantum and BlackCat,” AdvIntel said in an advisory.

It is believed that the members of the now disbanded Conti ransomware gang are either part of other ransomware gangs such as BlackCat and Hive or as independent groups that focus on data extortion and other criminal enterprises.

According to AdvIntel, more than 1,267,000 Emotet infections have been observed worldwide since the beginning of the year, with activity peaks recorded in February and March. Typical attack sequences include the use of Emotet (aka SpmTools) as the first access vector to drop Cobalt Strike, which is then used as a post exploitation tool for ransomware operations.

A second increase, attributed to Quantum and BlackCat, occurred between June and July. Data show that the US, Finland, Brazil, the Netherlands and France are among the countries most targeted by Emotet.

Emotet is now used to deliver more banking Trojans. Early versions of Emotet were used to attack bank customers in Germany, while later versions of Emotet targeted organizations in Canada, the United Kingdom and the United States.

Below are tips to protect users from Emotet

1. Keep computers/endpoints up to date with the latest patches.

2. Do not download any suspicious attachments or click on a dodgy looking link.

3. User training on strong password creation.

4. Robust cybersecurity program.

The sources for this piece include an article in BleepingComputer.

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023