• Microsoft has found a new version of the BlackCat ransomware

    From TechnologyDaily@1337:1/100 to All on Fri Aug 18 10:00:03 2023

    Date:
    Fri, 18 Aug 2023 09:49:17 +0000

    Description:
    Some call it BlackCat 2.0, some BlackCat 3.0, and some call it Sphynx. Whatever the name, the malware is dangerous.

    FULL STORY ======================================================================

    Microsoft Threat Intelligence, the company's cybersecurity arm, recently announced the discovery of a new strain of the infamous BlackCat ransomware variant.

    In a thread posted on Twitter, the company said the new version comes with
    two new additions that help ransomware operators move laterally across compromised networks.

    The two additions include the open-source communication framework tool Impacket, and the Remcom hacking tool.

    Impacket and Remcom

    Impacket has been described as an open-source collection of Python classes
    for working with network protocols, more commonly used as a post-exploitation toolkit by pentesters, red teamers, and cybercriminals, as it allows them to move laterally throughout the network, dump credentials from processes, perform NTLM relay attacks, and more.

    With BlackCat, Impacket is being used to dump credentials and execute the encryptor code remotely.

    The Remcom hacktool is also used for remote code execution and lateral movement, both facilitating encryptor deployment.
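
A defender-side illustration of the two tools named above, added here and not part of the original article or Microsoft's thread: a small Python triage over Windows event records that flags default artifacts of RemCom (service and named-pipe names) and Impacket's wmiexec-style output redirection. The indicator strings are the public tools' known defaults, not values from the article, and the event records and host names are constructed samples.

```python
import re

# Publicly known defaults of the two tools (not taken from the article).
# Operators can rename or recompile them, so treat a hit as a lead, not proof.
REMCOM_SERVICE = re.compile(r"remcomsvc", re.I)
REMCOM_PIPE = re.compile(r"RemCom_(communicaton|stdin|stdout|stderr)", re.I)
# Impacket wmiexec-style output redirection to a temp file on an admin share.
IMPACKET_EXEC = re.compile(
    r"cmd\.exe\s+/Q\s+/c\s+.*?\s1>\s*\\\\127\.0\.0\.1\\\w+\$\\__\d+\.\d+\s+2>&1",
    re.I,
)

def classify(event):
    """Return the names of the rules a single event record matches."""
    eid = event.get("EventID")
    hits = []
    if eid == 7045:  # System log: a service was installed
        fields = event.get("ServiceName", "") + " " + event.get("ImagePath", "")
        if REMCOM_SERVICE.search(fields):
            hits.append("remcom_service_install")
    elif eid in (17, 18):  # Sysmon: named pipe created / connected
        if REMCOM_PIPE.search(event.get("PipeName", "")):
            hits.append("remcom_named_pipe")
    elif eid in (1, 4688):  # Sysmon / Security: process creation
        if IMPACKET_EXEC.search(event.get("CommandLine", "")):
            hits.append("impacket_exec_redirect")
    return hits

def triage(events):
    """Group rule hits by host so spread across machines stands out."""
    by_host = {}
    for ev in events:
        for rule in classify(ev):
            by_host.setdefault(ev["Computer"], []).append(rule)
    return by_host

# Constructed sample records (simplified field layout, hypothetical host names).
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "FS01", "ServiceName": "RemComSvc",
     "ImagePath": r"%SystemRoot%\RemComSvc.exe"},
    {"EventID": 17, "Computer": "FS01", "PipeName": r"\RemCom_communicaton"},
    {"EventID": 4688, "Computer": "WS22",
     "CommandLine": r"cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1692352800.1234567 2>&1"},
    {"EventID": 4688, "Computer": "WS23",
     "CommandLine": r"cmd.exe /c dir C:\Temp > C:\Temp\listing.txt"},
    {"EventID": 7045, "Computer": "WS23", "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
]

if __name__ == "__main__":
    for host, rules in triage(SAMPLE_EVENTS).items():
        print(host, rules)
```

The process-creation rule only fires where command-line logging is enabled for event 4688 or Sysmon is deployed.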

    Microsoft doesn't seem to be the first one to have stumbled upon this updated version of BlackCat. BleepingComputer says that VX-Underground reported on it in April this year. Citing a message BlackCat operators sent to their affiliates, the publication says the new version is called Sphynx:

    "The code, including encryption, has been completely rewritten from scratch. By default all files are frozen. The main priority of this update was to optimize detection by AV/EDR," the crooks said in their announcement.

    BleepingComputer also saw a private Microsoft 365 Defender Threat Analytics advisory in which Microsoft said Storm-0875 started using Sphynx in July this year.

    BlackCat is also known as ALPHV and was first launched in November 2021. It
    is widely considered one of the most popular and most disruptive
    ransomware variants out there.

    In more recent news, BlackCat was responsible for an attack against Reddit, one of the biggest online forums.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-has-found-a-new-version-of-the-blackcat-ransomware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)