A Closer Look At BlackMagic Ransomware
Blackmagic ransomware group uses a 64-bit DLL file with a single function that is responsible for executing all the main functionality of BlackMagic ransomware.
Upon execution, It calls "sleep()" function multiple times to evade sandbox detection, kills specific processes using taskill, adds a registry key for disabling the task manager, and fetches the victim machines' IP addresses utilizing the ipconfig utility.
Once the encryption of the files is complete and the "ransom note" is dropped, It creates a .bat file named "next.bat" and performs various functions like deleting traces, kills some processes, and finally restart the system while also deleting itself.
Featured Resources
blog
AI Threat Detection: Supercharging Cyber Defenses with Intelligence & Scale
Security teams face an onslaught of ever-evolving threats, bloated alert queues and sprawling attack surfaces. Manual detection and periodic pen
Data Sheet
Automated Exposure Mitigation
Go beyond validation with automated threat mitigation. Test, detect, and block threats daily to optimize prevention and harden defenses.
blog
Achieve NIS2 Compliance with Security Control Validation
The original 2016 Network and Information Systems (NIS) Directive aimed to build cybersecurity capabilities across the European Union (EU), mitigate