CyberSecurity updates
2025-01-30 21:25:27 Pacific

Ransomware-as-a-Service (RaaS) Operations Share Tactics
Read more: securityonline.info

Two Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, are exhibiting striking similarities in their attack methods, according to a recent analysis by SentinelOne. Both groups have been found to use nearly identical payloads to encrypt victims’ data, relying on the Windows Cryptographic Application Programming Interface (CAPI). Both also direct victims to .onion portals, reached via the Tor browser with provided credentials, to receive ransom instructions. This overlap in tools and techniques suggests a potential collaboration between HellCat and Morpheus or, perhaps, a shared origin.

The shared code base indicates that affiliates across both groups are compiling payloads that contain almost identical code. Despite differences in victim-specific details, the core functionality of the ransomware is the same: it encrypts file contents, leaving extensions and metadata intact, and delivers a ransom note instructing victims to connect via a Tor browser. While no direct link has been found between the HellCat and Morpheus operators, the identical code suggests the possibility of a common builder application used by affiliates. With ransom demands as high as 32 Bitcoin, approximately $3 million, it is vital that businesses and organizations have a strong threat detection system to mitigate these growing threats.
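Because the payloads described above leave file extensions and metadata intact, extension-based checks will not notice the change; the content has to be inspected. The following is an added example for defenders, not code from SentinelOne or the article: it flags files whose header no longer matches the signature expected for their extension and whose bytes are high-entropy. The magic-byte table, the 7.5 bits/byte threshold and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Leading "magic" bytes expected for a few common extensions (small sample table).
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
}
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes) -> bool:
    """True if the extension promises a known format but the content is
    signature-less, high-entropy data (consistent with in-place encryption)."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    magic = MAGIC.get(ext)
    if magic is None:
        return False  # no signature known for this extension; cannot judge
    return not data.startswith(magic) and shannon_entropy(data) >= ENTROPY_THRESHOLD


def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 chain), constructed data."""
    out, block = b"", b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


# Constructed samples: a normal PDF, a valid (compressed, high-entropy) ZIP,
# a PDF whose content was replaced by ciphertext, and a mislabelled text file.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 50,
    "archive.zip": b"PK\x03\x04" + pseudo_random(4096),
    "invoice.pdf": pseudo_random(4096),
    "notes.pdf": b"plain text saved with the wrong extension\n" * 50,
}


def scan(samples: dict) -> list:
    return sorted(name for name, data in samples.items() if looks_encrypted(name, data))
```

Requiring both conditions keeps legitimately compressed formats (valid header, high entropy) and mislabelled plain files (wrong header, low entropy) out of the results.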