reports that the Emotet botnet has been thriving since its revival by the Conti ransomware gang in November, with 130,000 systems across 179 countries already infected.
Distribution of the Emotet
botnet has significantly increased since the beginning of the year, with the new campaign leveraging a novel elliptic curve cryptography scheme, as well as delivering a process list module upon establishment of a C2 connection, according to Black Lotus Labs researchers. Stronger information-gathering capabilities have also been added to Emotet to facilitate system profiling improvements.
The report also showed that Emotet's revival has been supported by 200 unique C2s, with the number slowly increasing, while C2 activity averaged at 29 days. The U.S. and Germany accounted for most of the botnet's C2 infrastructure, followed by France, Brazil, Thailand, Singapore, Indonesia, Canada, the U.K., and India. Meanwhile, the U.S. was the seventh most targeted country by Emotet, following Japan, India, Indonesia, Thailand, South Africa, and Mexico, but ahead of China, Brazil, and Italy.