After only appearing on the ransomware crime scene in November 2021, the BlackCat ransomware gang has breached more than 60 organisations as of March 2022 as per a security advisory.Â
The group, also known as ALPHV, operates a Windows ransomware-as-a-service. Security researchers and law enforcement agencies have linked the ransomware’s developers to the infamous Darkside and Blackmatter crime rings.Â
The gang is also the first-known ransomware group to breach networks with malware written in Rust successfully. Security researchers at Cisco Talos and Palo Alto Networks Unit 42 have also pointed out the gang’s preference for Rust — a secure programming language that offers better performance and reliable concurrent processing.Â
In the News: Pixel Watch prototype, Apple’s App Store improvement, Martian solar eclipses and more
Using security for the worse
According to the FBI report, BlackCat affiliated threat actors often demand ransom payments in millions of dollars in either Bitcoin or Monero. However, the gang is known to have accepted payments lesser than the initial ransom demand.
The gang uses previously compromised credentials to gain early access to victim networks and, once access is established, compromises the active directory user and administrator accounts. Threat actors steal victim data before encrypting the system with ransomware. Data stolen includes any cloud sources where the company or client data may be stored.Â
Their malware uses Windows Task Scheduler to configure malicious Group Policy Objects to deploy the ransomware. Initial deployment uses PowerShell scripts in addition to Cobalt Strike, another well-known malware used to create backdoors and disable any security features on the victim network. The group has also been known to leverage Windows administrative tools and Microsoft Sysinternals tools during attacks.
While there are no known mitigations against their ransomware at the moment, the FBI strongly discourages paying any ransomware, as there’s no guarantee of data recovery following the payment. There’s a list of general security mitigations included in the FBI’s report as well.
In the News: Stripe launches crypto payments in USDC
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.
Hello There!
If you like what you read, please support our publication by sharing it with your friends, family and colleagues. We're an ad-supported publication. So, if you're running an Adblocker, we humbly request you to whitelist us.
How to disable start-up programs in Windows?
How to change the DNS on PS4?
Roku vs Firestick vs Chromecast: Which one’s the best pick?
Dropbox Transfer released: Users can transfer up to 100MB files for free
North Korean hackers infiltrate Russian Foreign Affairs Ministry
Top 7 anti-pollution masks you should check out
Xbox Series X: Everything unveiled so far and what you can expect
Qualcomm unveils Snapdragon 8 Plus Gen 1 and Snapdragon 7 Gen 1
