Ransomware Alert: HellCat and Morpheus Ransomware Operations Linked to Identical Code
Date: January 23, 2025
Author: Ravie Lakshmanan
Categories: Threat Intelligence, Data Breach
Analysis of HellCat and Morpheus Ransomware Operations Reveals Identical Code
A recent analysis by SentinelOne has revealed that affiliates associated with the HellCat and Morpheus ransomware entities are using identical code for their ransomware payloads. This finding comes from artifacts uploaded to the VirusTotal malware scanning platform by the same submitter towards the end of December 2024.
Identical Payload Samples
According to Jim Walter, a security researcher at SentinelOne, the two payload samples are identical except for victim-specific data and the attacker contact details. This suggests a high level of coordination and cooperation between the two groups.
Ransomware Attacks on the Rise
The rise of new and aggressive actors, such as FunkSec, has led to a significant increase in ransomware attacks. In December 2024, a record 574 ransomware attacks were observed, with FunkSec accounting for 103 incidents. Other prevalent ransomware groups include Cl0p (68), Akira (43), and RansomHub (41).
Threat Landscape
The increase in ransomware attacks is alarming and suggests a more turbulent threat landscape heading into 2025. "December is usually a much quieter time for ransomware attacks, but last month saw the highest number of ransomware attacks on record, turning that pattern on its head," said Ian Usher, associate director of Threat Intelligence Operations and Service Innovation at NCC Group.
Conclusion
The use of identical code by HellCat and Morpheus ransomware entities highlights the need for increased vigilance and cooperation in the fight against cybercrime. As the threat landscape continues to evolve, it is essential to stay informed and up to date on the latest developments in ransomware attacks.