
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
2022-04-08 09:48

Cybersecurity researchers have uncovered further links between BlackCat and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year.

"At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool and which has only been observed in BlackMatter activity," Kaspersky researchers said in a new analysis.

The findings come less than a month after Cisco Talos researchers identified overlaps in the tactics, techniques, and procedures between BlackCat and BlackMatter, describing the new ransomware variant as a case of "vertical business expansion."

BlackCat stands out for two reasons: it's an affiliate actor that has deployed BlackMatter in the past and its malware is written in Rust, indicating how threat actors are increasingly pivoting to programming languages with cross-compilation capabilities.

The group "provides infrastructure, malware samples, ransom negotiations, and probably cash-out," the researchers noted.

"This use of a modified Fendr, also known as ExMatter, represents a new data point connecting BlackCat with past BlackMatter activity," the researchers said.


News URL

https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html