Threat Awareness – Emotet Botnet Now Delivering Quantum and BlackCat Ransomware

The infamous Emotet botnet is now being used by attackers to deliver Quantum and BlackCat ransomware, based on a report by the cybersecurity firm AdvIntel. Emotet is a very common malware and AdvIntel has observed 1,267,598 total Emotet infections worldwide during the first nine months of 2022. Emotet typically propagates via email phishing campaigns and often hijacks email threads. After an Emotet infection, the malware can be used for multiple malicious activities, including installing Cobalt Strike on infected systems to enable attackers to move laterally and deploy ransomware payloads across the victim’s network. The Emotet infection chain is currently attributed to Quantum and BlackCat ransomware actors. Demonstrating the botnet’s resilience, in April, WaterISAC reported on Emotet threat actors’ testing new tactics and techniques to stay ahead of network defenders. Since Emotet spreads primarily via email, one of the best defensive methods is to encourage users to be extra vigilant regarding suspicious emails and to verify everything. Access the full report at AdvIntel or read more at BleepingComputer.