Security News > 2023 > October > BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks
The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates.
After compromising a device, the threat actors install VirtualBox and create a new virtual machine using the Munchkin ISO. This Munchkin virtual machine includes a suite of scripts and utilities that allow the threat actors to dump passwords, spread laterally on the network, build a BlackCat 'Sphynx' encryptor payload, and execute programs on network computers.
Analyzing the ransomware samples allows researchers to gain full access to the negotiation chat between a ransomware gang and its victim.
Munchkin makes it easier for BlackCat ransomware affiliates to perform various tasks, including bypassing security solutions protecting the victim's device.
BlackCat emerged in late 2021 as a sophisticated Rust-based ransomware operation as the successor to BlackMatter and Darkside.
BlackCat ransomware hits Azure Storage with Sphynx encryptor.
News URL
Related news
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Sensata Technologies hit by ransomware attack impacting operations (source)
- Ransomware attack cost IKEA operator in Eastern Europe $23 million (source)
- Kidney dialysis firm DaVita hit by weekend ransomware attack (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)