CyberSecurity updates
2025-02-25 13:11:00 Pacific

BlackLock Ransomware Group Becomes Prolific Operator - 6d

The BlackLock ransomware group is poised to become one of the most prolific RaaS operators in 2025. The group cropped up in early 2024 and is known for its unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and for its aggressive recruiting of traffers, initial access brokers, and affiliates. It uses custom-built ransomware that can evade analysis, and the group employs significant techniques to prevent analysis.

Ransomware-as-a-Service (RaaS) Operations Share Tactics - 28d

HellCat and Morpheus, two ransomware-as-a-service (RaaS) operations, have been observed using identical payloads to target victims. The payloads use the Windows Cryptographic Application Programming Interface (CAPI) to encrypt data, and both ransomware operations direct victims to use Tor browsers and provided credentials to access their respective .onion portals. Researchers believe that the overlap in tactics and payloads is likely due to a connection between the two groups. The use of similar tools and tactics suggests a collaboration between HellCat and Morpheus or a shared origin. This is a cause for concern for security professionals, as it indicates a potential for increased sophistication and impact of ransomware attacks.