BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks
Security News, October 2023
The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates.
After compromising a device, the threat actors install VirtualBox and create a new virtual machine using the Munchkin ISO. This Munchkin virtual machine includes a suite of scripts and utilities that allow the threat actors to dump passwords, spread laterally on the network, build a BlackCat 'Sphynx' encryptor payload, and execute programs on network computers.
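A defender-side hunt for the VM staging sequence described above, as an added example that is not part of the original article. It assumes process-creation telemetry reduced to `host` and `command_line` fields and that VirtualBox is driven from its command line; all hosts, paths and VM names are constructed.

```python
import re
from collections import defaultdict

# Stages of the VM staging described above, matched on process command lines.
# The VBoxManage verbs are real VirtualBox CLI subcommands; that an intruder
# drives VirtualBox from the CLI at all is an assumption of this example.
STAGES = {
    "install": re.compile(r"virtualbox-[\w.\-]+\.(exe|msi)", re.I),
    "create_vm": re.compile(r'vboxmanage(\.exe)?"?\s+createvm\b', re.I),
    "attach_iso": re.compile(r'vboxmanage(\.exe)?"?\s+storageattach\b.*\.iso\b', re.I),
    "headless": re.compile(r"vboxheadless|startvm\b.*--type[ =]headless", re.I),
}

VBM = r'"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" '
# Constructed process-creation events (hosts, paths and VM names are made up).
SAMPLE_EVENTS = [
    {"host": "FS01", "command_line": r"C:\Users\Public\VirtualBox-7.0.12-Win.exe --silent"},
    {"host": "FS01", "command_line": VBM + "createvm --name vm1 --register"},
    {"host": "FS01", "command_line": VBM + r"storageattach vm1 --storagectl IDE --port 0 --device 0 --type dvddrive --medium C:\Users\Public\image.iso"},
    {"host": "FS01", "command_line": VBM + "startvm vm1 --type headless"},
    {"host": "WEB02", "command_line": r"D:\sw\VirtualBox-7.0.12-Win.exe"},
    {"host": "HR-PC3", "command_line": VBM + "list vms"},
    {"host": "DEV-WS7", "command_line": VBM + "createvm --name lab --register"},
    {"host": "DEV-WS7", "command_line": VBM + "startvm lab --type headless"},
]

def hunt(events, sanctioned_hosts=frozenset(), min_stages=2):
    """Return {host: [stages seen]} for unsanctioned hosts showing >= min_stages."""
    seen = defaultdict(set)
    for ev in events:
        if ev["host"] in sanctioned_hosts:
            continue  # hosts where VirtualBox use is expected
        for stage, rx in STAGES.items():
            if rx.search(ev["command_line"]):
                seen[ev["host"]].add(stage)
    return {h: sorted(s) for h, s in seen.items() if len(s) >= min_stages}

if __name__ == "__main__":
    for host, stages in hunt(SAMPLE_EVENTS, {"DEV-WS7"}).items():
        print(host, "->", ", ".join(stages))
```

Correlating several stages per host, rather than alerting on any single VirtualBox process, keeps a lone installer download or an inventory command from firing while a server that installs, builds and boots a headless VM from an ISO stands out.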
Analyzing the ransomware samples allows researchers to gain full access to the negotiation chat between a ransomware gang and its victim.
Munchkin makes it easier for BlackCat ransomware affiliates to perform various tasks, including bypassing security solutions protecting the victim's device.
BlackCat emerged in late 2021 as a sophisticated Rust-based ransomware operation, the successor to BlackMatter and Darkside.
BlackCat ransomware hits Azure Storage with Sphynx encryptor.