NewsOnline Security

Emotet Botnet Strikes – Out with Conti in with Quantum and BlackCat

Ransomware is probably the biggest threat among all malware groups. The name Conti was frightening to every single company around the world. When the group decided to throw in the towel, everyone thought that good days are coming. Well, not when Quantum and BlackCat are around.

Unfortunately, the good news turned bad when these groups decided to take on the mantle. Utilizing none other than the Emotet Botnet, these RaaS (ransomware-as-a-service) groups are more dangerous than ever.

If you think Conti was scary, wait till you see what these two have been doing with an elevated and upgraded Emotet Botnet. We’ll discuss everything below.

Conti Dissolved – Members Still Practice

The cybercriminals world is filled with capable individuals and groups that seek our private information. One of the most known names is Conti – a RaaS group that ceased its operations earlier this year.

However, Conti was feared by everyone, it even went out with a bang – committing hacking practices against the biggest companies such as Frontier.

Now, Conti is no more, but apparently, some of its members have continued their malicious activities under different groups such as Quantum and BlackCat.

The Emotet Botnet started roaming the cyber world in 2014. Back then, it was just a simple banking trojan with limited capabilities. However, malware such as this can be useful to cybercriminals, which is why they worked on updating it.

Over time, Emotet transformed into a completely different kind of malware that’s capable of taking full control over the victims’ devices remotely. It does that by downloading other payloads on the machine.

According to Advintel, the Emotet, which was a Conti-exclusive, is now circulating again in an infection chain created by BlackCat and Quantum:

“From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is currently attributed to Quantum and BlackCat.”

These groups have been busy lately, targeting more than 25 countries across the globe with several data extortion and other criminal endeavors. The following image represents the extent of their attacks:

Emotet Distribution

The security firm has been tracking the groups’ activities for quite some time now. So far, it stated that it observed over 1,267,000 Emotet infections across the world ever since 2022 kicked off.

However, the peak of its attacks registered in February and March coinciding with the Russia – Ukraine conflict.

Emotet Botnet is Here to Stay

This malware doesn’t seem to be going anywhere. In fact, the surge in its activity didn’t just happen back in February, it also occurred between June and July.

Emotet Botnet is dangerous to the entire world. However, BlackCat and Quantum seem to be utilizing it more in specific countries. We’re referring to the likes of the US, followed by Finland, Brazil, the Netherlands, and France.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button