
Black Cat: Sphynx (ransomware virus)

Product
Developers: Black Cat (Blackcat, ALPHV, Noberus)
Branches: Information security

Main article: Ransomware viruses (ransomware)

2023: Sphynx is the new ransomware weapon. Why this virus is much more dangerous than previous ones

On May 30, 2023, IBM Security X-Force experts reported that the cybercriminal group responsible for distributing the BlackCat ransomware had created a much more dangerous version of its malicious software. The new malware is called Sphynx.

Since their introduction in 2021, BlackCat viruses have become one of the leading families of ransomware. They are used in attacks on organizations in the fields of health care, education, production and hospitality, as well as on government structures. Although the Sphynx variant first became known in February 2023, its detailed analysis took several months.

Sphynx virus is much more dangerous than previous ones

The Sphynx malware has a redesigned architecture that makes it difficult for antivirus tools to detect. In particular, it uses modified command-line arguments. Its configuration data contains unnecessary code fragments and encrypted strings, which hinders analysis.

Sphynx includes a complex loader that, after launch, decrypts thousands of strings and the payload. The ransomware scans the network environment to find other potentially vulnerable systems. The malware deletes shadow copies, encrypts files using the AES or ChaCha20 algorithm, and then generates a ransom message.
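Shadow-copy deletion, mentioned above, can be watched for in process-creation logs. The following is an added detection example, not code from IBM's report or from this article. The command patterns are common built-in Windows mechanisms and are an assumption, since the article does not say which one Sphynx uses; the sample events are constructed.

```python
import re

# Patterns for shadow-copy deletion via built-in Windows tools, matched
# against a normalised (lower-case, unquoted) command line. Assumption: the
# article does not say which mechanism Sphynx uses; these are common ones.
RULES = {
    "vssadmin_delete": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "vssadmin_resize": re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b"),
    "wmic_delete": re.compile(r"\bwmic(\.exe)?\s.*\bshadowcopy\b.*\bdelete\b"),
    "wmi_class_delete": re.compile(
        r"\bwin32_shadowcopy\b.*\b(delete|remove-wmiobject|remove-ciminstance)\b"),
}

def normalise(cmdline: str) -> str:
    """Lower-case, drop double quotes and collapse runs of whitespace."""
    return " ".join(cmdline.lower().replace('"', "").split())

def find_shadow_copy_deletion(events):
    """Return (host, rule, command_line) for every matching event."""
    hits = []
    for ev in events:
        norm = normalise(ev["command_line"])
        for rule, pattern in RULES.items():
            if pattern.search(norm):
                hits.append((ev["host"], rule, ev["command_line"]))
                break  # one alert per event is enough
    return hits

# Constructed sample process-creation events (not from a real incident).
SAMPLE_EVENTS = [
    {"host": "ws-01", "command_line": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"host": "ws-01",
     "command_line": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /all /quiet'},
    {"host": "ws-02", "command_line": r"cmd.exe /c vssadmin   DELETE  shadows /all"},
    {"host": "ws-02", "command_line": r"wmic.exe shadowcopy delete"},
    {"host": "ws-03", "command_line": r"vssadmin list shadows"},  # benign listing
    {"host": "ws-03",
     "command_line": r'powershell -c "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"'},
]

if __name__ == "__main__":
    for host, rule, cmd in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"{host}\t{rule}\t{cmd}")
```

Legitimate backup software and administrators also manage shadow copies, so alerts from these rules need to be correlated with the parent process and host role before escalation.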

IBM Security X-Force experts note that the constant improvement of BlackCat's capabilities and the introduction of new tactics for bypassing security tools indicate that the attackers have a deep understanding of target systems and of how security tools work. The cybercriminals are increasing the speed and stealth of their attacks, which makes the attacks more effective and harder to counter.[1]

Notes