HellCat and Morpheus Ransomware Groups Share Identical Code
🦠 Emerging ransomware groups HellCat and Morpheus share identical payloads. Recent analysis reveals that the two ransomware operations, both active in late 2024, use nearly identical code in their payloads despite differing public profiles. HellCat, known for targeting high-value entities, has gained notoriety through aggressive branding, while Morpheus operates more discreetly, focusing on specific industries such as pharmaceuticals. Both payloads use an encryption routine that leaves the original file extensions unchanged after encryption, a deviation from typical ransomware behavior. The similarities in their payloads suggest a potential shared codebase among affiliates, raising concerns about the evolving landscape of ransomware threats. SentinelOne’s detection capabilities are highlighted as a defense against these emerging threats.
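Because these payloads keep the original extension, a check that watches for renamed files sees nothing; a content check is needed instead. The sketch below is an added example, not code from the analysis or from SentinelOne: it flags a file whose leading bytes no longer match the signature its extension implies and whose content is near-random. The function names, the 7.5 bits/byte threshold, the assumption that encryption overwrites the file header, and the sample inputs are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known leading signatures for a few common extensions.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".jpg": b"\xff\xd8\xff"}
TEXT_EXTS = {".txt", ".csv", ".log"}  # no signature; plain text is low entropy
ENTROPY_THRESHOLD = 7.5               # bits per byte; assumed cut-off, tune locally

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes) -> bool:
    """True if the extension was kept but the content no longer fits it."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    high = shannon_entropy(head) >= ENTROPY_THRESHOLD
    if ext in MAGIC:
        # Compressed formats are high entropy anyway, so require a signature
        # mismatch as well; entropy alone would flag every valid PNG or ZIP.
        return high and not head.startswith(MAGIC[ext])
    if ext in TEXT_EXTS:
        return high
    return False  # unknown type: no baseline to compare against

def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 counter stream)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed samples: (file name, first 4 KiB of content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n" + b"quarterly figures " * 200),
    ("report_enc.pdf", pseudo_random(4096)),
    ("photo.png", MAGIC[".png"] + pseudo_random(4088)),
    ("notes.txt", b"meeting notes, action items\n" * 150),
    ("notes_enc.txt", pseudo_random(4096)),
]

def scan(samples):
    """Return the names of samples that look encrypted in place."""
    return [name for name, head in samples if looks_encrypted(name, head)]

if __name__ == "__main__":
    print(scan(SAMPLES))
```

A burst of such hits in one directory tree within a short window is the signal worth alerting on; a single mismatch is more often a corrupt or mislabelled file.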
