Experts Find Shared Codebase Linking Morpheus and HellCat Ransomware Payloads

Summary: An analysis of HellCat and Morpheus ransomware operations has revealed that affiliates are using identical code for their ransomware payloads. Both ransomware variants emerged in late 2024 and share similar encryption characteristics, including the use of the Windows Cryptographic API. The findings indicate a trend of decentralized operations in the ransomware ecosystem, with a record number of attacks reported in December 2024.

Threat Actor: HellCat and Morpheus affiliates | HellCat, Morpheus
Victim: Various organizations | ransomware victims

Key points:

  • HellCat and Morpheus ransomware share identical payload code, differing only in victim-specific data.
  • Both ransomware variants encrypt files without altering their extensions and exclude certain system folders from the encryption process.
  • The ransomware ecosystem is becoming increasingly decentralized, with a record 574 attacks reported in December 2024.

Source: https://thehackernews.com/2025/01/experts-find-shared-codebase-linking.html