Microsoft has found a new variant of the BlackCat ransomware that incorporates the Remcom hacking tool and the Impacket networking infrastructure, allowing it to move laterally across a breached network. “The code has been totally redone from scratch, including the encryption. All files are frozen by default. The primary goal of this upgrade was to improve AV/EDR detection, according to the ransomware operations.
A new BlackCat/ALPHV encryptor version dubbed Sphynx was tweeted about in April by cybersecurity researcher VX-Underground.x000D The core elements of ALPHV/BlackCat 2.0: Sphynx have successfully undergone testing, the BlackCat operators informed its affiliates in a message.