Trickbot rebirths Emotet: 140,000 Victims in 149 countries in 10 months

News Desk -


Samples of Emotet are rapidly spreading through increases in Trickbot activity, according to Check Point Research (CPR). Emotet, dubbed the “world’s most destructive malware,” gives threat actors a backdoor into infected PCs, which they can rent out to ransomware gangs to use for their own campaigns. As a result, Emotet’s reappearance is a good predictor of future ransomware attacks.

Check Point Research (CPR) has issued a warning on the possibility of ransomware attacks, citing the rapid spread of Emotet samples via Trickbot. In the ten months since Emotet was shut down by law enforcement, CPR estimates that Trickbot has harmed 140,000 people in 149 countries. CPR identified new Emotet samples propagating through Trickbot on November 15, 2021. Emotet is a good predictor of future ransomware assaults because it gives ransomware gangs a backdoor into infected computers.

Lotem Finkelstein, Head of Threat Intelligence at Check Point Software, said: “Emotet was the strongest botnet in the history of cybercrime with a rich infection base. Now, Emotet has resold its infection base to other threat actors to spread their malware; and most of the time, it’s been to ransomware gangs. Emotet’s comeback is a major warning sign for yet another surge in ransomware attacks as we go into 2022. Trickbot, who has always collaborated with Emotet, is facilitating Emotet’s comeback by dropping it on infected victims. This has allowed Emotet to start from a very firm position, and not from scratch. In only two weeks, Emotet became the 7th most popular malware, as seen in our recent Most Wanted Malware List. Emotet is our best indicator for future ransomware attacks. We should treat Emotet and Trickbot infections like they are ransomware. Otherwise, it is only a matter of time before we have to deal with an actual ransomware attack.”

An international law enforcement operation led by Europol and Eurojust took over the Emotet infrastructure and detained two people at the start of the year. On November 15, 2021, Trickbot-infected PCs began distributing Emotet samples by encouraging users to download password-protected zip files containing malicious documents, an effort that is rebuilding Emotet’s botnet network. Emotet’s operations have also been updated, with some new techniques added to the toolkit.

The figure below shows the victims of Emotet in the year 2021.


140,000+ Trickbot Victims 

Trickbot’s activity has been increasing at a steady rate. Since the Emotet botnet’s takedown, CPR has identified over 140,000 Trickbot victims worldwide, including both companies and individuals. Trickbot impacted 149 countries in all, accounting for more than 75% of the world’s population.

Figure 2. Trickbot dynamic of infected machines since November 1, 2020


Trickbot by Geography

Figure 3. Trickbot victims since November 1, 2020 grouped by countries


Trickbot by Industry

CPR tracked the distribution of victims by industry, which is reflected in the graph below. Victims from high-profile industries constitute more than 50% of all the victims.

Figure 4. Trickbot victims since November 1, 2020 grouped by industries

