skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

Morpheus and HellCat Ransomware Share Codebase, Analysis Reveals

/ 1 min read

🦠 New ransomware operations HellCat and Morpheus share identical codebase. An analysis by SentinelOne has revealed that the HellCat and Morpheus ransomware operations utilize the same code for their payloads, differing only in victim-specific data and attacker contact details. Both ransomware types, which emerged in late 2024, encrypt files without altering their extensions and rely on the Windows Cryptographic API for encryption. The findings indicate a potential collaboration among affiliates of these groups, as they follow similar ransom note templates. December 2024 saw a record 574 ransomware attacks, highlighting a fragmented yet resilient ransomware landscape, with new actors like FunkSec contributing to an increasingly turbulent threat environment as we move into 2025.

Source
{entry.data.source.title}
Original