"BlackCat Ransomware Hits Azure Storage With Sphynx Encryptor"

The BlackCat (ALPHV) ransomware group encrypts Azure cloud storage using stolen Microsoft accounts and the recently discovered Sphynx encryptor. Sophos X-Ops incident responders found that the attackers used a new Sphynx variant with added support for using custom credentials. After gaining access to the Sophos Central account with a stolen One-Time Password (OTP), the attackers disabled Tamper Protection and modified security policies. These actions were possible after stealing the OTP from the victim's LastPass vault through the LastPass Chrome extension. They encrypted the Sophos customer's systems and Azure cloud storage and added the [.]zk09cvt extension to all locked files. In total, the ransomware operators were able to effectively encrypt 39 Azure Storage accounts. This article continues to discuss the BlackCat (ALPHV) ransomware gang using stolen Microsoft accounts and the Sphynx encryptor to encrypt targets' Azure cloud storage.

Bleeping Computer reports "BlackCat Ransomware Hits Azure Storage With Sphynx Encryptor"