Trickbot brings Emotet back to life

Wie doppelte Erpressung mit der Egregor-Ransomware funktioniert


Check Point warns of a flood of ransomware attacks

The security researchers at Check Point Research (CPR) see a revival of the infamous Emotet bot network by fellow Trickbot. Both had already worked together in the past and so it is not surprising that the shutdown of Emotet was only possible temporarily. Emotet was once called the “most dangerous ransomware in the world”; now CPR estimates the number of trickbot Emotet victims to be 140,000 people in just 10 months, spread over 149 countries.

New Emotet variants , which are distributed via Trickbot, were discovered by CPR on November 15, 2021 – 10 months after the authorities had accessed them and the supposed end of the bot network. This is a clear indicator of a flood of ransomware attacks, as such botnets open a backdoor, especially to ransomware gangs. So far, there are these findings:

  • Portugal and the USA were the main targets of Trickbot.
  • The most important of the sectors affected are the authorities, finance and industry.
  • Trickbot relies heavily on a small number of IP addresses for distribution.

Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software Technologies

Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software, warns: “Emotet was the strongest botnet in the history of cybercrime. Now it has sold its strong foundation to other hackers to spread the malware quickly, mostly to ransomware gangs. The comeback of Emotet is a warning sign regarding a further increase in ransomware attacks in 2022, our best indicator. The Trickbot malware, which has always worked with Emotet, facilitates the return of the botnet because it helps it to spread. So Emotet starts from a very solid position, instead of from zero. In just two weeks, Emotet has become the seventh most popular malware in the world, as can be seen in our global list of top malware. We should also treat Emotet and Trickbot infections as if they were ransomware itself, otherwise it is only a matter of time before a real ransomware attack occurs.“

Ready to see us in action:

More To Explore
Enable registration in settings - general
Have any project in mind?

Contact us: