BlackCat ransomware attackers are fine-tuning their malware arsenal in a bid to remain undercover and expand their reach.
According to Symantec, “Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software.”
BlackCat, also identified by the names ALPHV and Noberus, is attributed to an adversary tracked as Coreid (aka FIN7, Carbanak, or Carbon Spider) and is said to be a rebranded successor of DarkSide and BlackMatter, both of which shut down last year following a string of high-profile attacks, including the one on Colonial Pipeline.
ALPHV is also one of the first ransomware strains to be written in Rust, a trend that has since been adopted by other families such as Hive and Luna.
The research team found that BlackCat ransomware attackers are able to index leaked data and make it searchable.
BlackCat ransomware attackers are also using Exmatter as a data exfiltration tool. It generates a report of all processed files and, in its latest revision, can even corrupt the files.
Eamfo, malware designed to steal credentials stored by Veeam backup software, is used when attacking a server. It allows the attackers to gain additional access and move around inside an organization's systems.
Ransomware groups continually adapt and refine their operations to stay effective for as long as possible. Group 88 is focusing more on data theft than on ransomware and cryptocurrency.
ad5002c8a4621efbd354d58a71427c157e4b2805cb86f434d724fc77068f1c40 – Trojan.Exmatter
8c5b108eab6a397bed4c099f13eed52aeeec37cc214423bde07544b44a62e74a – Ransom.Noberus
18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 – GMER Driver
e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173 – GMER
ed6275195cf9fd758fb7f8bce868c14dc9e9d6b7aa6f472f714bce5ed7fabf7f – Masqueraded PAExec
5799d554307906e92749a0c45f21baff28d83b1cedccbf7cb6f2b98ac1b00930 – Masqueraded PAExec
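The six SHA-256 indicators above are only useful if they are actually checked against files on disk. The following script is an added example, not code from the article or from Symantec: it parses indicator lines in the "hash – label" format used above, hashes every file under a directory, and reports any match. The directory layout and the empty sample file it creates for the demo are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Indicator lines copied verbatim from the article above (SHA-256 – label).
IOC_TEXT = """
ad5002c8a4621efbd354d58a71427c157e4b2805cb86f434d724fc77068f1c40 – Trojan.Exmatter
8c5b108eab6a397bed4c099f13eed52aeeec37cc214423bde07544b44a62e74a – Ransom.Noberus
18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7 – GMER Driver
e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173 – GMER
ed6275195cf9fd758fb7f8bce868c14dc9e9d6b7aa6f472f714bce5ed7fabf7f – Masqueraded PAExec
5799d554307906e92749a0c45f21baff28d83b1cedccbf7cb6f2b98ac1b00930 – Masqueraded PAExec
"""

# Accepts an en dash or a plain hyphen between the hash and the label.
_IOC_LINE = re.compile(r"^\s*([0-9a-fA-F]{64})\s*[–-]\s*(.+?)\s*$")


def parse_ioc_lines(text):
    """Return {sha256 (lowercase): label} for every well-formed indicator line in text."""
    iocs = {}
    for line in text.splitlines():
        m = _IOC_LINE.match(line)
        if m:
            iocs[m.group(1).lower()] = m.group(2)
    return iocs


IOC_SHA256 = parse_ioc_lines(IOC_TEXT)


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root, iocs=IOC_SHA256):
    """Walk root recursively; return [(path, sha256, label)] for files whose hash is an indicator."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                digest = sha256_of_file(p)
            except OSError:
                # Unreadable files (permissions, in-use locks) are skipped rather than aborting the scan.
                continue
            if digest in iocs:
                hits.append((str(p), digest, iocs[digest]))
    return hits


def demo_scan():
    """Constructed demo: scan a temporary directory holding one empty file.

    Returns (hits, digest_of_empty_file). No real samples are present, so hits is empty;
    the empty-file digest shows the hashing path works end to end.
    """
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "benign.bin"
        sample.write_bytes(b"")
        return scan_directory(d), sha256_of_file(sample)


if __name__ == "__main__":
    print(f"loaded {len(IOC_SHA256)} indicators")
    hits, _ = demo_scan()
    for path, digest, label in hits:
        print(f"MATCH {label}: {path} ({digest})")
    print("no indicator matches" if not hits else f"{len(hits)} match(es)")
```

Point `scan_directory` at a directory of interest (for example a quarantine folder or a collected triage image) to use it for real; hash matching catches only these exact binaries, so a recompiled or repacked sample will not hit and the script should complement, not replace, behavioural detections.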