“Emotet has always been one of the most widespread malware families in recent years. What are the long-term benefits of breaking up Emotet? A comment from FireEye.
While it has historically been linked to home banking fraud, the malware has also been used to spread spam and secondary malware since 2017. We believe this was done on behalf of a limited number of groups using Emotet as malware-as-a-service.
Ransomware campaigns with Emotet
Between October 2020 and January 2021, we observed that Emotet was spreading several variants of malware. These were used to enable ransomware campaigns. Thus, it seems plausible that breaking up Emotet could reduce the immediate victims of ransomware attacks in the short term. However, Mandiant has observed in the past how hacking groups rebuild their botnets after other takedown or smashing actions. The likelihood of this scenario depends on the status of the arrested people.
Helpful actors: Trickbot, Qakbot and Silentnight
The actors behind Emotet sometimes cooperate with other well-known malware campaigns, including Trickbot, Qakbot and Silentnight. In addition to the spread of these malware families as secondary malware by Emotet, we have occasionally observed in the past that these malware families also spread Emotet in reverse. These existing partnerships and re-spamming could be used to rebuild the botnet.”
- Kimberly Goody, Senior Manager of Cybercrime Analysis, Mandiant Threat Intelligence at FireEye
More at Barracuda.com
About Trellix
Trellix is a global company redefining the future of cybersecurity. The company's open and native Extended Detection and Response (XDR) platform helps organizations facing today's most advanced threats gain confidence that their operations are protected and resilient. Trellix security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to support over 40,000 business and government customers.