FlagThis

HellCat and Morpheus, two ransomware-as-a-service (RaaS) operations, have been observed using identical payloads to target victims. The payloads use Windows Cryptographic Application Programming Interface (CAPI) to encrypt data, and both ransomware operations direct victims to use Tor browsers and provided credentials to access their respective .onion portals. Researchers believe that the overlap in tactics and payloads is likely due to a connection between the two groups. The use of similar tools and tactics suggests a collaboration between HellCat and Morpheus or a shared origin, which is a cause for concern for security professionals, as it indicates a potential for increased sophistication and impact of ransomware attacks.