vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

Microsoft Discovers New BlackCat Ransomware Variant

By Keira Waddell, Former Senior Writer. Published on 22nd August 2023.

Microsoft's Threat Intelligence unit has recently discovered an advanced iteration of the infamous BlackCat ransomware. This updated version, known as BlackCat 3.0, is equipped with powerful tools: the Impacket networking framework and the Remcom hacking tool. These tools enable swift lateral movement and remote command execution within compromised networks.

The new variant, dubbed BlackCat 3.0 by Microsoft, was first brought to public attention by cybersecurity researcher VX-Underground in April. The developers behind the ransomware informed their affiliates that the code, including encryption, had been completely rewritten to enhance its ability to elude detection by antivirus and endpoint detection and response (AV/EDR) systems.

The IBM Security X-Force team subsequently conducted an in-depth analysis of the updated ransomware and found references to Impacket within its executable. Impacket is an open-source Python framework that’s frequently employed by penetration testers, red teamers, and threat actors to spread laterally on a network, extract sensitive information from processes, and more.

Microsoft's Threat Intelligence team has confirmed the presence of Impacket in the new BlackCat variant. Furthermore, the ransomware variant has incorporated the Remcom hacking tool, which functions as a remote shell for executing commands on other devices within a network.

According to Microsoft's observations, the BlackCat operation has been using the Impacket framework to conduct activities like credential dumping and remote service execution, facilitating the widespread deployment of the ransomware across target networks. Microsoft revealed that the BlackCat affiliate known as 'Storm-0875' had been using this new version since July 2023.
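The remote service execution the article attributes to Impacket leaves a characteristic trace on the target host: the Service Control Manager records a "service was installed" event (Event ID 7045) whose image path either points into an administrative share or launches cmd.exe to run a command and redirect its output back over SMB. The following script is an added example and not code from Microsoft, IBM X-Force, or the article; it runs simple heuristics over a handful of constructed, flattened 7045 events. The detection rules (admin-share binary path, cmd.exe /Q /c with output redirected to a share, machine-looking service names) and the sample log lines are assumptions made for illustration, not a verified signature for BlackCat 3.0.

```python
"""Heuristic triage of Windows System-log 'service installed' events (ID 7045)
for Impacket-style remote service execution. Example code; the sample events
and rules below are constructed assumptions, not telemetry from any incident."""
import re

# Constructed sample events, flattened to key="value" pairs. The first is a
# benign vendor service, the last is not a 7045 event at all.
SAMPLE_EVENTS = [
    r'EventID=7045 Host=FS01 ServiceName="Dell Command Update" ImagePath="C:\Program Files\Dell\DCU\DellCommandUpdate.exe" ServiceType=user_mode',
    r'EventID=7045 Host=FS01 ServiceName=BTOBTO ImagePath="%COMSPEC% /Q /c echo hostname ^> \\127.0.0.1\ADMIN$\__1692700000.12 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat" ServiceType=user_mode',
    r'EventID=7045 Host=WS07 ServiceName=vGlZqPRt ImagePath="\\WS07\ADMIN$\vGlZqPRt.exe" ServiceType=user_mode',
    r'EventID=7036 Host=WS07 ServiceName=Spooler State=running',
]

# key=value or key="quoted value" tokens
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# \\host\ADMIN$\ or \\host\C$\ anywhere in the image path
ADMIN_SHARE_RE = re.compile(r'\\\\[^\\\s]+\\(ADMIN|C)\$\\', re.IGNORECASE)
# cmd.exe / %COMSPEC% invoked with /Q /c (quiet one-shot command)
COMSPEC_RE = re.compile(r'(%COMSPEC%|cmd(\.exe)?)\s+/Q\s+/c', re.IGNORECASE)


def parse_event(line):
    """Turn one flattened event line into a dict of field -> value."""
    fields = {}
    for key, val in FIELD_RE.findall(line):
        fields[key] = val[1:-1] if val.startswith('"') else val
    return fields


def looks_random(name):
    """Assumed heuristic: short all-letter names that are all caps or
    alternate case several times read as machine-generated."""
    if not re.fullmatch(r'[A-Za-z]{4,12}', name):
        return False
    if name.isupper():
        return True
    changes = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return changes >= 3


def assess_event(ev):
    """Return the list of reasons a 7045 event looks like remote service execution."""
    reasons = []
    if ev.get('EventID') != '7045':
        return reasons
    path = ev.get('ImagePath', '')
    name = ev.get('ServiceName', '')
    if COMSPEC_RE.search(path) and ADMIN_SHARE_RE.search(path):
        reasons.append('service runs cmd.exe /Q /c and redirects output to an administrative share (smbexec-style)')
    elif ADMIN_SHARE_RE.search(path):
        reasons.append('service binary launched from an administrative share (psexec-style)')
    if looks_random(name):
        reasons.append(f'service name {name!r} looks machine-generated')
    return reasons


def analyze(lines):
    """Parse every line and collect findings, one entry per suspicious event."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        reasons = assess_event(ev)
        if reasons:
            findings.append({'host': ev.get('Host'), 'service': ev.get('ServiceName'), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in analyze(SAMPLE_EVENTS):
        print(f"{finding['host']}: service {finding['service']!r}")
        for reason in finding['reasons']:
            print('  -', reason)
```

Run against the constructed sample, the benign Dell service and the 7036 state-change event produce nothing, while the two Impacket-style installs are reported with their reasons. In a real environment these rules are a starting point for a 7045-based alert, not a complete signature; service installs from administrative shares also occur during legitimate remote administration, so the alert should be tuned with an allowlist of known management tooling.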

BlackCat, also known as ALPHV, emerged onto the cyber threat landscape in November 2021 and is believed to have links with the DarkSide/BlackMatter gang. Renowned for its continuous evolution, the group has adopted innovative tactics over time, including the creation of a clearweb leak site and a data leak API for easier data dissemination.

As BlackCat evolves from a mere ransomware encryptor into a comprehensive post-exploitation toolkit, the pace and complexity of its attacks are poised to intensify. This progression poses challenges for defenders working to detect and mitigate its impact.

Moreover, BlackCat recently made headlines for its attack on Reddit, underscoring its persistent threat to organizations of different scales.

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.
