BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks (Security News, October 2023)
The introduction of Munchkin to BlackCat's already extensive and advanced arsenal makes the RaaS more attractive to cybercriminals seeking to become ransomware affiliates.
After compromising a device, the threat actors install VirtualBox and create a new virtual machine using the Munchkin ISO. This Munchkin virtual machine includes a suite of scripts and utilities that allow the threat actors to dump passwords, spread laterally on the network, build a BlackCat 'Sphynx' encryptor payload, and execute programs on network computers.
Analyzing the ransomware samples allows researchers to gain full access to the negotiation chat between a ransomware gang and its victim.
Munchkin makes it easier for BlackCat ransomware affiliates to perform various tasks, including bypassing security solutions protecting the victim's device.
BlackCat emerged in late 2021 as a sophisticated Rust-based ransomware operation, the successor to BlackMatter and DarkSide.
BlackCat ransomware hits Azure Storage with Sphynx encryptor.