Sphynx

Malware updated 7 months ago (2024-05-04T19:19:06.343Z)

Download STIX

Preview STIX

Sphynx, a new variant of the BlackCat ransomware, was announced and launched by ALPHV Blackcat administrators in February 2023. This update, named ALPHV BlackCat Ransomware 2.0 Sphynx, was rewritten to provide additional features to affiliates, including improved defense evasion capabilities and additional tooling. The malware's evolution has been tracked through previous alerts from April 2022 and December 2023, culminating in this formidable iteration. The Sphynx version of BlackCat ransomware introduced advanced capabilities, such as the ability to encrypt both Windows and Linux devices, and VMWare instances. The tooling provided a Linux-based operating system (OS) running Sphynx, the latest BlackCat variant. The additional features and improved defense evasion capabilities make this malware a significant threat to cyber infrastructure. In response to this threat, the US Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory containing updated Indicators of Compromise (IoCs) associated with the BlackCat Ransomware 2.0 Sphynx version released in February 2023. This constant updating of its malware underscores the persistent threat posed by the BlackCat group and the need for ongoing vigilance and cybersecurity measures.

Description last updated: 2024-05-04T16:28:46.305Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Alphv is a possible alias for Sphynx. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB	5

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Encryption

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Sphynx Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	US Government Warns Healthcare is Biggest Target for BlackCat Affiliat
BankInfoSecurity	9 months ago	BlackCat Pounces on Health Sector After Federal Takedown
CERT-EU	9 months ago	CISA, FBI Warn of Continued BlackCat Ransomware Activity \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Securityaffairs	9 months ago	FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector
CERT-EU	9 months ago	FBI, CISA warns Of ALPHV Blackcat Ransomware Attacking Hospitals \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	9 months ago	US healthcare alerted against BlackCat amid targeted attacks \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	9 months ago	CISA, FBI, And HHS Update \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	US seizes ALPHV/BlackCat darknet website, releases decryption tool
Flashpoint	a year ago	ALPHV's Downfall? The 2023 Crackdown on BlackCat Ransomware
CISA	a year ago	#StopRansomware: ALPHV Blackcat \| CISA
CERT-EU	a year ago	U.S. Treasury Sanctions Russian Money Launderer in Cybercrime Crackdown
Unit42	a year ago	BlackCat Climbs the Summit With a New Tactic
Trend Micro	a year ago	How to Prevent Ransomware as a Service (RaaS) Attacks
CERT-EU	a year ago	BlackCat Alphv Ransomware
CERT-EU	a year ago	LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
CERT-EU	a year ago	Cyber Security Week in Review: September 22, 2023
CERT-EU	a year ago	Cyber Security Today, Sept. 23, 2023 – Nova Scotia details MOVEit victims, a new ransomware strain found and more \| IT World Canada News
CERT-EU	a year ago	BlackCat Ransomware Leveraging Remote Monitoring Tools \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	BlackCat Ransomware Leveraging Remote Monitoring Tools to Encrypt Azure Storage
CERT-EU	a year ago	BlackCat ransomware hits Azure Storage with Sphynx encryptor