Emotet Resurfacing as Power Player in Ransomware Wars, Avertium Warns
Avertium, a Top 250 MSSP, releases report that dives deep into the notorious Emotet botnet and warns of its criminal intent.
Avertium, a Top 250 MSSP, has released a new threat intelligence report that takes a deep dive on the notorious Emotet botnet and warns organizations of its criminal capabilities.
Emotet has a history of disappearing and re-emerging, most notably going underground following a surgical takedown in eight countries that dismantled the world’s most dangerous malware operation in January 2021. International law enforcement, including the Federal Bureau of Investigation (FBI), gained control of Emotet’s infrastructure. The effort involved hundreds of servers located around the world; investigators took the botnet down from the inside and redirected victims’ infected machines to a law-enforcement-controlled environment.
Emotet has been linked to many destructive ransomware infections and associated with TrickBot, Dridex, QakBot, Conti/Ryuk, BitPaymer and REvil-associated attacks. The malware, first discovered as a banking trojan in 2014, evolved over time to become the kingpin platform for cyber hijackers.
Emotet was sold as a service to smaller operatives and criminal groups, serving as an access key to compromised systems that could then be exploited for data theft and ransomware extortion. Following the law enforcement action, the syndicate disappeared for the next 10 months, before reappearing in Q1 2022 with new tactics and targets.
A Deeper Dive Into Emotet
Here’s what’s new with Emotet:
- In March 2022, during U.S. tax season, Emotet impersonated the IRS, sending fake tax forms and bogus federal tax returns to victims.
- By July 2022, researchers were reporting Emotet as the top malware threat.
- Cyber researcher AdvIntel observed a total of 1,267,598 Emotet infections worldwide so far this year. Emotet activity peaked between February and March 2022, coinciding with the start of the Russia-Ukraine conflict. On August 8, 2022, AdvIntel confirmed that two education entities in Kansas City were infected with the botnet. Additionally, on August 12,…