Security News > 2023 > September > BlackCat ransomware hits Azure Storage with Sphynx encryptor
The BlackCat ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage.
In total, the ransomware operators could encrypt 39 Azure Storage accounts successfully.
They infiltrated the victim's Azure portal using a stolen Azure key that provided them access to the targeted storage accounts.
Sophos discovered the Sphynx variant in March 2023 during an investigation into a data breach that shared similarities with another attack described in an IBM-Xforce report published in May. Microsoft also found last month that the new Sphynx encryptor is embedding the Remcom hacking tool and the Impacket networking framework for lateral movement across compromised networks.
In a new extortion approach last summer, the ransomware gang used a dedicated clear web website to leak the stolen data of a specific victim, providing the victim's customers and employees with the means to determine whether their data had been exposed.
Japanese watchmaker Seiko breached by BlackCat ransomware gang.