BlackCat Incorporates ‘Munchkin’ into Its Arsenal

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

The BlackCat ransomware group has introduced a new tool called ‘Munchkin’ in its operations. This tool employs virtual machines (VMs) to stealthily deploy encryptors on network devices. Munchkin allows the BlackCat group to run on remote systems and encrypt network file shares. Using VMs to deploy ransomware is a technique that enhances the stealth and reach of the attackers.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.