Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity
Cybersecurity researchers have uncovered further links between BlackCat and BlackMatter ransomware families, the former of which emerged as a replacement following international scrutiny last year.
"At least some members of the new BlackCat group have links to the BlackMatter group, because they modified and reused a custom exfiltration tool which has only been observed in BlackMatter activity," Kaspersky researchers said in a new analysis.
The findings come less than a month after Cisco Talos researchers identified overlaps in the tactics, techniques, and procedures between BlackCat and BlackMatter, describing the new ransomware variant as a case of "vertical business expansion."
BlackCat stands out for two reasons: it's an affiliate actor that has deployed BlackMatter in the past and its malware is written in Rust, indicating how threat actors are increasingly pivoting to programming languages with cross-compilation capabilities.
The group "provides infrastructure, malware samples, ransom negotiations, and probably cash-out," the researchers noted.
"This use of a modified Fendr, also known as ExMatter, represents a new data point connecting BlackCat with past BlackMatter activity," the researchers said.
News URL
https://thehackernews.com/2022/04/researchers-connect-blackcat-ransomware.html