BlackCat ransomware hits Azure Storage with Sphynx encryptor

Azure cloud storage is now encrypted by the BlackCat (ALPHV) ransomware gang using compromised Microsoft credentials and the freshly discovered Sphynx encryptor. Sophos X-Ops incident responders found that the attackers employed a new Sphynx variant with added support for using bespoke credentials while looking into a recent breach.

They disabled Tamper Protection and changed the security policies after using a stolen One-Time Password (OTP) to log into the Sophos Central account. After stealing the OTP from the victim’s LastPass vault using the LastPass Chrome extension, these operations were made available.x000D They then added the.zk09cvt extension to all locked files and encrypted the Sophos customer’s systems as well as the remote Azure cloud storage. The ransomware developers were able to successfully encrypt 39 Azure Storage accounts in total.

BlackCat ransomware hits Azure Storage with Sphynx encryptor

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

BlackCat ransomware hits Azure Storage with Sphynx encryptor

16-Sep-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address