FlagThis

CyberSecurity updates
Updated: 2024-10-22 01:24:40 Pacfic
securityintelligence.com
BlackCat Ransomware Returns as Cicada3301: A Case of Malware Evolution and Rebranding - 4h

Read more: securityintelligence.com

The BlackCat ransomware, known for its Rust-based code and sophisticated attack techniques, went inactive after successfully extorting a $22 million ransom from Change Healthcare. The group cited law enforcement interference as the reason for its shutdown. However, a new ransomware strain, Cicada3301, has emerged with striking similarities to BlackCat, suggesting a possible rebranding or continuation of the same operation. Both strains use similar toolsets, share code similarities, and exhibit similar functionality, including methods for shadow copy deletion and tampering. The similarities between BlackCat and Cicada3301 raise concerns about the potential return of a highly effective and dangerous ransomware group.

References:
  • Malware Analysis, News and Indicators - An article analyzing the similarities between BlackCat and Cicada3301, raising concerns about a potential return of the ransomware group. - 5h
  • securityintelligence.com - A Security Intelligence article exploring the connection between BlackCat and Cicada3301. - 5h
  • blog.morphisec.com - While he says that code itself isn’t just a rehash of BlackCat, “the malware group has either seen the code base or are using the same developers. - 3h
  • securityintelligence.com - It was the first piece of ransomware written in Rust. Choosing Rust let BlackCat engineers add customized features and implement measures that prevented malware analysis. - 3h

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts documented at my website here (https://royans.net/) if you have feedback. You can also find Flathis at Mastodon.