Ransomware actors are laundering hundreds of millions of dollars through pseudo-legitimate cryptocurrency exchanges, while the early-stage malware strains often used to facilitate their attacks have become the most popular forms of malware in the world.
According to new analysis from Check Point, Emotet was the most popular malware variant in December, accounting for 7% of the organizations attacked for the month and 100,000 users every day as Christmas and New Year's approached. After similar stints on top in September and October, the trojan saw a drop-off in November before roaring back ahead of the holidays. The malware “has now been updated with new malicious payloads and improved detection evasion capabilities.”
Emotet’s role as one of the primary loaders for ransomware means it will likely continue to be one of the most widely used pieces of malware on the planet throughout 2021. The same is true for the next most popular malware, Trickbot, which impacted 4% of organizations and helps enable everything from ransomware and data theft to cryptojacking.
Other variants in the top 10, like Dridex and QBot, are also increasingly used in the kill chains of ransomware groups such as Egregor. Egregor – which has been absorbing operators and infrastructure from once-rival Maze Group in recent months – was the subject of an FBI industry alert obtained by BleepingComputer earlier this week. The group has claimed to have infected at least 150 victims, and the bureau warned that its collaborative ransomware-as-a-service model makes its operations both extremely flexible and hard to detect.
“Because of the large number of actors involved in deploying Egregor, the tactics, techniques and procedures ( ..