• Check Point Research (CPR) warns of potential ransomware attacks, as it sees samples of Emotet fast-spreading via Trickbot. Since Emotet’s takedown by law enforcement, CPR estimates 140,000 victims of Trickbot, across 149 countries in only 10 months. New Emotet samples spreading through Trickbot were discovered by CPR on November 15, 2021. Emotet is a strong indicator of future ransomware attacks, as the malware provides ransomware gangs a backdoor into compromised machines.  
  • Trickbot relies heavily on a small number of IP addresses for distribution

Check Point Research (CPR) sees samples of Emotet fast-spreading through surges in Trickbot activity. Once described as the ‘world’s most dangerous malware’, Emotet provides threat actors with a backdoor into compromised machines, which could be leased out to ransomware gang to use for their own campaigns. Hence, Emotet’s return is a strong indicator of future ransomware attacks. 

At the beginning of the year, an international law enforcement action coordinated by Europol and Eurojust took over the Emotet infrastructure and arrested two individuals. Ten months later, on November 15, 2021, Trickbot infected machines started to drop Emotet samples by promoting users to download password protect zip files, containing malicious documents that are rebuilding Emotet’s botnet network. Emotet has also upgraded its operations, adding some new tricks to its toolbox.

Figure 1. The graph below shows the victims of Emotet in the year 2021.


140,000+ Trickbot Victims 

Trickbot has demonstrated a persistent rate of growth in activity. CPR spotted more than 140,000 victims affected by Trickbot all around the globe since the botnet takedown, including organizations and individuals. Trickbot affected 149 countries in total, which marks more than 75% of all the countries on the world.

Figure 2. Trickbot dynamic of infected machines since November 1, 2020


Trickbot by Geography

Figure 3. Trickbot victims since November 1, 2020 grouped by countries


Trickbot by Industry

CPR tracked a distribution of victims by industries which is reflected in the graph below. Victims from high profile industries constitute more than 50% of all the victims.

Figure 4. Trickbot victims since November 1, 2020 grouped by industries


Lotem Finkelstein, Head of Threat Intelligence, at Check Point Software said: 

“Emotet was the strongest botnet in the history of cybercrime with a rich infection base. Now, Emotet has resold its infection base to other threat actors to spread their malware; and most of the time, it’s been to ransomware gangs. Emotet’s comeback is a major warning sign for yet another surge in ransomware attacks as go into 2022. Trickbot, who has always collaborated with Emotet, is facilitating Emotet’s comeback by dropping it on infected victims. This has allowed Emotet to start from a very firm position, and not from scratch. In only two weeks, Emotet became the 7th most popular malware, as see in our recent Most Wanted Malware List . Emotet is our best indicator for future ransomware attacks. We should treat Emotet and Trickbot infections like they are ransomware. Otherwise, it is only a matter of time before we have to deal with an actual ransomware attack.”


Send us your press releases to pressrelease.zawya@refinitiv.com

© Press Release 2021

Disclaimer: The contents of this press release was provided from an external third party provider. This website is not responsible for, and does not control, such external content. This content is provided on an “as is” and “as available” basis and has not been edited in any way. Neither this website nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this press release.

The press release is provided for informational purposes only. The content does not provide tax, legal or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither this website nor our affiliates shall be liable for any errors or inaccuracies in the content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the information within this article is at your sole risk.

To the fullest extent permitted by applicable law, this website, its parent company, its subsidiaries, its affiliates and the respective shareholders, directors, officers, employees, agents, advertisers, content providers and licensors will not be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, including without limitation, lost profits, lost savings and lost revenues, whether in negligence, tort, contract or any other theory of liability, even if the parties have been advised of the possibility or could have foreseen any such damages.