As reported last Tuesday in WaterISAC’s Security & Resilience Update, the Emotet botnet has reappeared despite the global law enforcement takedown early this year. Researchers believe this re-emergence will provide ransomware actors with initial access into compromised networks for future exploitation and follow-on attacks. Emotet was previously very successful because its “strategic, operational, and tactical agility was executed through a modular system enabling them to tailor payload functionality and specialization for the needs of specific customers,” according to Advanced Intelligence (AdvIntel). Furthermore, AdvIntel strongly believes the Conti ransomware group convinced former Emotet operators to start operating again. If true, this “partnership” is expected to give Conti an advantage over other ransomware operators if they are able to leverage Emotet’s functionality. Read more at BleepingComputer.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!