Why the Emotet Resurgence by AdvIntel
Industry: N/A | Level: Strategic | Source: AdvIntel
Researchers at AdvIntel observed a resurgence of Emotet on November 14th, 2021, and postulate that it is the result of “unfulfilled loader commodity demand, decline of the decentralized RaaS (Ransomware-as-a-Service) model, and the return of the monopoly of organized crime syndicates such as Conti.” Based on AdvIntel’s intelligence tracking, the resurgence appears to have been initiated by a former Ryuk member who convinced a former Emotet operator to rebuild and set up the malware builder. Given Emotet’s effectiveness at providing initial access, the prediction is a potential rise or dominance of Conti ransomware. All appear to be motivated by the previous successes of an alliance between Emotet, TrickBot, and Ryuk in 2018.