
BlackCat Ransomware Variant Incorporates Impacket, RemCom

Version Uses Open-Source Communication Framework Tool for Lateral Movement

Microsoft has identified a new variant of the BlackCat ransomware that bundles an open-source communication framework tool to facilitate lateral movement in target environments.


The Redmond giant on Thursday revealed that the updated cryptoware incorporates the Impacket networking framework and the RemCom hacking tool. Security researchers at the computing giant started observing the new version being used by a BlackCat affiliate in July.

BlackCat, also known as Alphv, is a Russian-speaking criminal group suspected of being a successor to DarkSide and BlackMatter, with ties to former REvil members. The group earlier this year posted online stolen diagnostic images of breast cancer patients disrobed from the waist up (see: BlackCat Leaking Patient Data and Photos Stolen in Attack).

Impacket is an open-source collection of Python classes for working with network protocols, widely used in network penetration testing, security assessments and related research. Microsoft said BlackCat is using Impacket's credential dumping and remote service execution modules to deploy the ransomware across target environments.

RemCom is an open-source, PsExec-like remote shell tool that allows remote code execution on other Windows hosts. The variant ships with compromised usernames and passwords embedded in the ransomware itself, which lets the affiliate spread the ransomware to other computers in the network and lock up more files for ransom without having to harvest credentials on each new host.
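The two paragraphs above describe the tooling, not how a defender would spot it. The following is an added example, not code from Microsoft, the BlackCat affiliate, or the Impacket and RemCom projects: a small Python detector that scans Windows event log records for the default artifacts those tools leave behind. The indicators it keys on are this example's assumptions drawn from the public tools' defaults (the RemComSvc service and the RemCom_communicaton named pipe, Impacket smbexec's BTOBTO service with a %COMSPEC% /Q /c ... \\127.0.0.1\C$\__output image path, and wmiexec's cmd.exe /Q /c ... 1> \\127.0.0.1\ADMIN$\__<epoch> command line); an attacker who rebuilds the tools can change any of them. The log lines and field names are constructed for the example, in a simple key=value layout rather than a real EVTX export.

```python
"""
Heuristic detection of Impacket-style and RemCom lateral-movement artifacts
in Windows event log records.  Added example; not code from Microsoft, the
BlackCat affiliate, or the Impacket/RemCom projects.  The indicator strings
are the default artifacts of the public tools (an assumption of this example),
and the sample records are constructed.
"""
import re
from dataclasses import dataclass

# Each rule: (name, compiled regex).  Searched against the service name,
# service image path, process command line and pipe name of a record.
RULES = [
    # RemCom (and Impacket psexec, which embeds RemCom) installs a service
    # named RemComSvc ...
    ("remcom_service", re.compile(r"\bRemComSvc\b", re.I)),
    # ... and talks to it over the \RemCom_communicaton pipe (the misspelling
    # is in the tool itself).
    ("remcom_pipe", re.compile(r"\\RemCom_communicaton\b", re.I)),
    # Impacket smbexec: service ImagePath runs %COMSPEC% /Q /c echo <cmd> and
    # redirects output to \\127.0.0.1\C$\__output.
    ("impacket_smbexec", re.compile(
        r"%COMSPEC%\s+/Q\s+/c\s+echo.*\\\\127\.0\.0\.1\\C\$\\__output", re.I)),
    # Impacket wmiexec: cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<epoch>.
    ("impacket_wmiexec", re.compile(
        r"cmd\.exe\s+/Q\s+/c\s+.*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.I)),
]

# Constructed sample records (not real telemetry).  EventID 7045 = service
# installed (System log); 1 = Sysmon process creation; 17 = Sysmon pipe created.
SAMPLE_EVENTS = [
    # Benign: Defender for Endpoint sensor service install.
    r'EventID=7045 Host=WS07 ServiceName=Sense ImagePath="C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"',
    # RemCom service dropped into the Windows directory.
    r'EventID=7045 Host=FS01 ServiceName=RemComSvc ImagePath="C:\Windows\RemComSvc.exe"',
    # RemCom control pipe created by that service.
    r'EventID=17 Host=FS01 PipeName=\RemCom_communicaton Image=C:\Windows\RemComSvc.exe',
    # Impacket smbexec default service name and batch-file wrapper.
    r'EventID=7045 Host=DC01 ServiceName=BTOBTO ImagePath="%COMSPEC% /Q /c echo whoami ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat"',
    # Impacket wmiexec output redirection to the ADMIN$ share.
    r'EventID=1 Host=DC01 Image=C:\Windows\System32\cmd.exe CommandLine="cmd.exe /Q /c whoami 1> \\127.0.0.1\ADMIN$\__1690000000.123456 2>&1"',
]


@dataclass
class Finding:
    host: str
    event_id: int
    rule: str
    evidence: str


def parse_record(line: str) -> dict:
    """Parse one constructed key=value record.  Values are either
    double-quoted (may contain spaces) or a bare run of non-whitespace."""
    out = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|\S+)', line):
        out[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return out


def scan(lines):
    """Return a Finding for every record that matches one of RULES."""
    findings = []
    for line in lines:
        rec = parse_record(line)
        try:
            eid = int(rec.get("EventID", "0"))
        except ValueError:
            continue
        # Fields worth inspecting: service name / image path (7045), process
        # command line (Sysmon 1 or 4688) and pipe name (Sysmon 17/18).
        haystack = " ".join(
            rec.get(k, "") for k in ("ServiceName", "ImagePath", "CommandLine", "PipeName"))
        for name, rx in RULES:
            if rx.search(haystack):
                findings.append(Finding(rec.get("Host", "?"), eid, name, haystack.strip()))
    return findings


def affected_hosts(findings):
    """Hosts that show at least one lateral-movement artifact, sorted."""
    return sorted({f.host for f in findings})


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.host}  event {f.event_id}  {f.rule}: {f.evidence}")
    print("hosts:", affected_hosts(scan(SAMPLE_EVENTS)))
```

The rules are deliberately narrow string matches on tool defaults, which is enough to catch an off-the-shelf build such as the one described here but will miss a recompiled RemCom or a renamed smbexec service; pair them with broader service-install and named-pipe baselining rather than treating a clean scan as proof of absence.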

VX-underground reported in April that an updated version of the BlackCat ransomware called Sphynx had brought improvements in encryption speed and stealthiness.

The U.S. Cybersecurity and Infrastructure Security Agency, in an advisory published in 2022, warned that threat actors had used Impacket alongside a custom exfiltration tool to steal sensitive information from a defense industrial base organization.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



