  • Sphynx - new ransomware weapon. Why is this virus so much more dangerous than the previous ones?

    ALPHV/BlackCat shows no sign of losing ground and is constantly improving its malicious tools.

    The group of hackers behind the BlackCat ransomware recently unveiled an improved variant of their malware that prioritizes speed and stealth in order to bypass defense mechanisms and achieve their goals.

    The new version, called Sphynx, was announced in February 2023 and contains "a number of updated features that help avoid detection," according to a new analysis by IBM Security X-Force.

    The update was first noted by VX-Underground in April 2023, and last month Trend Micro detailed a Linux version of Sphynx that "focuses primarily on the encryption process."

    The ALPHV/BlackCat group, also known as Noberus, developed the first ransomware based on the Rust language. Active since November 2021, it has grown into a significant threat, with over 350 targets affected as of May 2023.

    The group is also known to use a double extortion scheme by deploying special data stealing tools such as ExMatter to exfiltrate sensitive data before encryption.

    ALPHV/BlackCat hackers usually gain initial access to targeted networks through third-party actors called Initial Access Brokers (IABs), who use their own malware to steal legitimate credentials.

    The latest version of Sphynx by ALPHV/BlackCat contains junk code and encrypted strings, and reworks the command line arguments passed to the binary, all to avoid detection.

    Sphynx also includes a separate downloader for decrypting the ransomware payload, which, when executed, looks for additional networks to compromise. In general, the malware follows a standard pattern: it deletes backup copies of data on target devices, encrypts files, and leaves a ransom note.

    Despite law enforcement campaigns targeting ALPHV/BlackCat activity directly, the constant shift in tactics is proof that the group remains an active threat to organizations and has no intention of ceasing its malicious activity.

    Just today, we wrote about the recent results of a study by WithSecure, which discovered a kind of delegation of duties between hacker groups that allows more destructive attacks to be carried out much faster and more efficiently than if one group handled the entire attack chain.

    As you can see, even such a large and well-known group of extortionists does not hesitate to share profits with other attackers, constantly resorting to the services of initial access brokers.

    Author DeepWeb