BleepingComputer has written an article discussing an observed BlackCat ransomware attack that utilized a new variant of the Sphynx encryptor with added support for using custom credentials.

The attack began after attackers accessed a victim’s LastPass vault to acquire a One Time Password for Sophos Central. Once accessed, they modified the security policies to make it possible to use the Sphynx encryptor on the victim’s organization’s network, while simultaneously targeting their remote Azure cloud storage with a different stolen password. BlackCat is suspected of having been DarkSide, the criminal group behind the Colonial Pipeline hack, and is considered one of the most sophisticated ransomware gangs currently in operation. Read more at Bleeping Computer.