As you may already know, the infamous Emotet is back, riding on TrickBot. However, there have been some recent developments that are quite threatening.
What’s going on?
Emotet operators increased the number of C2 servers from eight to fourteen by the end of Tuesday. In addition, some researchers who analyzed Emotet’s code confirmed that both the malware and its infrastructure have been upgraded for more secure and robust operation. They further noted that the current Emotet operator(s) have access to the source code of the original malware that was taken down by law enforcement. Cryptolaemus researchers have also observed a new development in malware delivery: URL-based lures, used alongside the conventional propagation method via .zip and .docm attachments.
Why it matters
Research by AdvIntel indicates that the resurrection of Emotet will result in the largest shift in the 2021 threat ecosystem, for the following reasons:
Emotet’s unparalleled loader capabilities.
These capabilities align with the demands of the current cybercrime market.
The cumulative effect of these factors takes the form of the TrickBot-Emotet-Conti triad.
Wait, where does Conti fit in?
The resurgence of Emotet is the direct result of the Conti gang convincing the former’s operators to bring the malware back. When Emotet was taken down, top-tier gangs such as Conti and DoppelPaymer were left without a viable option for high-quality initial access. Conti, with at least one former member of Ryuk (Conti’s predecessor) and in partnership with TrickBot (Emotet’s biggest client), urged the Emotet operators to return. AdvIntel researchers are certain that, once Emotet grows, Conti will deliver its payloads to top targets via Emotet and become a dominant name in the ransomware landscape.
Taking everything into account
It is no coincidence that Emotet is back in the cybercrime ecosystem, and its return will cause major transformations. As the ransomware world becomes increasingly monopolistic, better opportunities are arising for botnet developers such as Emotet’s. Moreover, the alliance between TrickBot, Emotet, and Conti is expected to become a potential approach for other cybercriminals.