Security Awareness – BlackCat Ransomware Adds New Tools and Tricks

Security researchers at Sophos recently published a report on BlackCat ransomware, that warned the threat actors behind the ransomware are adding new tools and practices, making the malware more effective at compromising organizations. BlackCat threat actors have targeted organizations in the US, Europe, and Asia, and don’t appear to favor any type of victim. “The only pre-requisite for an attack,” according to techradar, “is that the business operates on systems that have reached end-of-life, don’t have multifactor authentication or VPNs, and use flat networks (where every endpoint has visibility into all other endpoints on the network).” The group has also compromised organizations by exploiting vulnerabilities in firewalls. Additionally, BlackCat threat actors have been observed using new tools such as Brute Ratel which is a penetration testing and attack simulation tool that is similar to Cobalt Strike. To defend against this (and all other) ransomware, members are encouraged to make sure all systems are up to date, conduct regular patch management, and regularly reference CISA’s StopRansomware page for more guidance and resources. Read more at Techradar.