Rapidly Evolving BlackMatter Ransomware Tactics

Cipher Tech analysts monitoring VirusTotal for BlackMatter ransomware activity discovered new variants of BlackMatter malware self-reporting as versions 1.9 and 2.0. The new BlackMatter malware samples contain additional functionality, changes to the configuration data, and version 2.0 additionally introduces changes to the configuration decryption algorithm. Cipher Tech analysts developed an ACCE module to automate the extraction of BlackMatter malware’s configuration data. Cipher Tech’s analysis reveals

Continue reading

RoboSki and Global Recovery: Automation to Combat Evolving Obfuscation

In a recent collaboration to investigate a rise in malware infections featuring a commercial Remote Access Trojan (RAT), IBM Security X-Force and Cipher Tech Solutions (CT), a defense and intelligence security firm, investigated malicious activity that spiked in Q1-2021. With over 1,300 malware samples collected, our teams analyzed the delivery of a new variant of the RoboSki packer, a packer being widely used to thwart detection and ultimately deliver commodity RATs to enterprise networks.

Continue reading