A new version of the BlackCat ransomware’s data exfiltration tool for double-extortion attacks has been released. Exmatter, the stealer tool, has been in use since BlackCat’s initial release in November 2021.
Exmatter Evolution Symantec researchers (who track the group as Noberus) claim in a report that the ransomware group’s focus appears to be on data exfiltration capabilities, which is a critical component of double-extortion attacks.
The exfiltration tool was substantially updated in August, with various changes including the ability to exfiltrate data from a wide range of file types, including FTP and WebDav, to SFTP, and the option to create a report listing all processed files. It has also added a ‘Eraser’ feature to corrupt processed files, as well as a ‘Self-destruct’ configuration option to delete and quit if it runs in a non-valid environment.
New information stealer
The deployment of new malware known as Eamfo, which is specifically designed to target credentials saved in Veeam backups, has increased BlackCat’s ability to steal information even further.
Eamfo connects to the Veeam SQL database and uses a SQL query to steal backup credentials. It decrypts and displays credentials to an attacker once they have b
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: