Skip to content

BlackCat Ransomware Gang breaches more than 60 organisations: FBI

  • by
  • 2 min read

After only appearing on the ransomware crime scene in November 2021, the BlackCat ransomware gang has breached more than 60 organisations as of March 2022 as per a security advisory. 

The group, also known as ALPHV, operates a Windows ransomware-as-a-service. Security researchers and law enforcement agencies have linked the ransomware’s developers to the infamous Darkside and Blackmatter crime rings. 

The gang is also the first-known ransomware group to breach networks with malware written in Rust successfully. Security researchers at Cisco Talos and Palo Alto Networks Unit 42 have also pointed out the gang’s preference for Rust — a secure programming language that offers better performance and reliable concurrent processing. 

In the News: Pixel Watch prototype, Apple’s App Store improvement, Martian solar eclipses and more

Using security for the worse

According to the FBI report, BlackCat affiliated threat actors often demand ransom payments in millions of dollars in either Bitcoin or Monero. However, the gang is known to have accepted payments lesser than the initial ransom demand. 

The gang uses previously compromised credentials to gain early access to victim networks and, once access is established, compromises the active directory user and administrator accounts. Threat actors steal victim data before encrypting the system with ransomware. Data stolen includes any cloud sources where the company or client data may be stored. 

9 ways to secure your PC against ransomware attack

Their malware uses Windows Task Scheduler to configure malicious Group Policy Objects to deploy the ransomware. Initial deployment uses PowerShell scripts in addition to Cobalt Strike, another well-known malware used to create backdoors and disable any security features on the victim network. The group has also been known to leverage Windows administrative tools and Microsoft Sysinternals tools during attacks. 

While there are no known mitigations against their ransomware at the moment, the FBI strongly discourages paying any ransomware, as there’s no guarantee of data recovery following the payment. There’s a list of general security mitigations included in the FBI’s report as well. 

In the News: Stripe launches crypto payments in USDC

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: