The BlackCat ransomware gang has attacked the Austrian federal state of Carinthia. The gang, also called ALPHV, demanded $5 million to unlock around 3000 computers impacted by the attack.
Carinthia’s email services and website are down at the time of writing. The attack happened on Tuesday and has since disrupted administrative work. The attack has also impacted COVID-19 test processing and contact tracing through the region’s administrative offices.
According to Euractiv, state spokesperson Gerd Kurath reported that the ransom was set at $5 million and added that the state has no intention of meeting the hackers’ demands.
The state plans to restore the impacted computers using backups. Kurath added that the first batch of recovered computers became available starting Friday.
There’s also no evidence to suggest that the attackers stole any data from the state’s systems. This is supported by the fact that BlackCat’s data leak site didn’t have any data from Carinthia, indicating that the attack itself or negotiations aren’t complete yet.
As for the gang itself, BlackCat is mainly composed of DarkSide gang members responsible for the Colonial Pipeline ransomware attack last year. The FBI issued a notice warning organisations that BlackCat had attacked over 60 organisations worldwide in April 2022.
BlackCat is also one of the first ransomware groups to use Rust, as pointed out by the FBI and security researchers at Cisco Talos and Palo Alto Networks’ Unit 42. Rust is a comparatively more secure programming language and is not commonly used in the cybersecurity space.
According to the FBI’s report, the gang demands payment, usually in Bitcoin or Monero. They’ve been known to accept payments lower than the initial amount, suggesting that negotiations might be a way out.