"Emotet Botnet Started Distributing Quantum and BlackCat Ransomware"

Ransomware-as-a-Service (RaaS) groups such as Quantum and BlackCat are now using the Emotet malware. Emotet began as a banking Trojan in 2014, but subsequent updates have transformed it into a highly potent threat capable of downloading other payloads onto the victim's machine, which allows the attacker to control the machine remotely. Although the infrastructure associated with the invasive malware loader was taken down in January 2021 as part of a law enforcement effort, the Conti ransomware group is said to have played a key role in its resurgence late last year. Emotet was an exclusive Conti ransomware tool from November 2021 to Conti's dissolution in June 2022, but the Emotet infection chain is now attributed to Quantum and BlackCat, according to an advisory from AdvIntel. Emotet is typically used as an initial access vector to drop Cobalt Strike, which is then used as a post-exploitation tool for ransomware operations.

Although the Conti ransomware gang has disbanded, several of its members are still active. They are either members of other ransomware groups such as BlackCat and Hive or part of independent groups focused on data extortion and other criminal activities.

AdvIntel reported over 1,267,000 Emotet infections since the beginning of the year, with activity peaks in February and March coinciding with Russia's invasion of Ukraine. Ransomware groups such as Quantum and BlackCat caused a second surge in infections between June and July. According to data collected by the cybersecurity firm, the US is the most Emotet-targeted country, followed by Finland, Brazil, the Netherlands, and France. This article continues to discuss the use of Emotet malware by RaaS groups, including Quantum and BlackCat.

THN reports "Emotet Botnet Started Distributing Quantum and BlackCat Ransomware"

Submitted by Anonymous on