BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks
Security News, October 2023
The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates.
After compromising a device, the threat actors install VirtualBox and create a new virtual machine using the Munchkin ISO. This Munchkin virtual machine includes a suite of scripts and utilities that allow the threat actors to dump passwords, spread laterally on the network, build a BlackCat 'Sphynx' encryptor payload, and execute programs on network computers.
Analyzing the ransomware samples allows researchers to gain full access to the negotiation chat between a ransomware gang and its victim.
Munchkin makes it easier for BlackCat ransomware affiliates to perform various tasks, including bypassing security solutions protecting the victim's device.
BlackCat emerged in late 2021 as a sophisticated Rust-based ransomware operation, the successor to BlackMatter and Darkside.
BlackCat ransomware hits Azure Storage with Sphynx encryptor.