Who Is Behind the Comeback of Emotet?

Conti ransomware is a very dangerous malicious actor because of how quickly it encrypts data and spreads to other computers.

To get remote access to the affected PCs, the organization is usually utilizing phishing attempts to install the TrickBot and BazarLoader Trojans.

What Happened?

Emotet botnet has been reactivated by its previous operator, who was persuaded by members of the Conti ransomware group.

As reported by BleepingComputer, following a lengthy period of malware loader scarcity and the decrease of decentralized ransomware operations, the botnet has resurfaced, allowing organized criminal syndicates to resurface.

Emotet’s biggest customers were Qbot and TrickBot, which utilized their access to spread ransomware (e.g. Ryuk, Conti, ProLock, Egregor, DoppelPaymer, and others).

Emotet’s strategic, operational, and tactical agility was executed through a modular system enabling them to tailor payload functionality and specialization for the needs of specific customers.


Because the botnet operators supplied early access on a large scale, many malware operations, particularly those in the so-called Emotet-TrickBot-Ryuk triangle, relied on Emotet for their attacks.

 After the takedown of Emotet, the demand for an efficient source of high-quality access and advanced dissemination was not matched with a proper supply. According to AdvIntel’s sensitive source

Read More: https://heimdalsecurity.com/blog/who-is-behind-the-comeback-of-emotet/