New BlackCat Hacker Tool Spreads Ransomware to Remote Machines
The BlackCat ransomware operators have demonstrated ongoing adaptation and innovation in their malicious activities, which makes their threats challenging for security experts to mitigate.
According to cybersecurity researchers at Unit 42 of Palo Alto Networks, BlackCat operators recently revealed updates to their tooling, including a utility called Munchkin, for propagating their payload across victim networks. They have been consistently evolving their ransomware tooling over the past two years.
Unit 42 researchers obtained a unique instance of Munchkin loaded in a customized Alpine VM, highlighting a growing trend among ransomware threat actors to use VMs for evading security solutions in malware deployment.
BlackCat’s evolution over time involved obfuscating configurations and employing command-line parameters for added security.
Their latest tool, ‘Munchkin,’ uses a Linux-based OS to run BlackCat on remote machines and encrypt SMB/CIFS shares.