Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity

Cybersecurity researchers have uncovered further links between BlackCat and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year.
"At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool and which has only been observed in BlackMatter activity," Kaspersky researchers said in a new analysis.
The findings come less than a month after Cisco Talos researchers identified overlaps in the tactics, techniques, and procedures between BlackCat and BlackMatter, describing the new ransomware variant as a case of "vertical business expansion."
BlackCat stands out for two reasons: it's an affiliate actor that has deployed BlackMatter in the past, and its malware is written in Rust, indicating how threat actors are increasingly pivoting to programming languages with cross-compilation capabilities.
The group "provides infrastructure, malware samples, ransom negotiations, and probably cash-out," the researchers noted.
"This use of a modified Fendr, also known as ExMatter, represents a new data point connecting BlackCat with past BlackMatter activity," the researchers said.
News URL
https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html