Shortly after the Conti ransomware group ceased operations in June 2022, Ransomware-as-a-Service (RaaS) groups like Quantum and BlackCat began leveraging the Emotet malware. Emotet started as a banking trojan in 2014, but over time, upgrades have transformed it into a highly dangerous loader that can download additional payloads onto the victim’s computer, allowing attackers to control it remotely. “From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool; however, the Emotet infection chain is currently attributed to Quantum and BlackCat,” stated researchers at AdvIntel. In typical attack sequences, Emotet drops Cobalt Strike, which is then used as a post-exploitation tool for ransomware operations. Even though the Conti ransomware gang was disbanded, some of its members are still engaged in criminal activity, either independently or as members of other ransomware gangs like BlackCat and Hive.
By Anthony Zampino

Introduction

Leading up to the most recent Russian invasion of Ukraine in