BlackCat Ransomware, affected over 60 companies in less than six months

BlackCat Ransomware

According to the United States Federal Bureau of Investigation (FBI), the BlackCat ransomware group hit no fewer than 60 targets within a few months, from November 2021 to March 2022. The group is also known as ALPHV and is reported to be the first to use the relatively new Rust programming language, which the FBI considers one of the safest languages in this area and which also offers better performance and reliable concurrent processing. The BlackCat ransomware executable is highly customizable and supports various encryption methods and options, which makes it extremely adaptable to the chosen target.

This information was disclosed by the Bureau through a so-called "flash alert", one of a series of reports that describe the tactics, techniques and procedures, together with indicators of compromise, for ransomware variants the FBI has identified during its investigations. Also according to the FBI, BlackCat / ALPHV has direct links to another well-known group of cybercriminals, Darkside / Blackmatter. The gangs reportedly share resources such as developers and money laundering experts, which points to a great deal of experience and expertise in ransomware operations.

Image caption: The FBI has a dedicated cybercrime division that also investigates ransomware groups.

Ransomware continues to claim victims and appears to be one of the preferred attack vectors, even for groups previously unrelated to these techniques. The advice is always to pay close attention to possible phishing emails and suspicious links sent by known and unknown contacts. It is also of fundamental importance to choose one of the best antivirus products to protect yourself from ransomware.

FBI Warning as BlackCat Ransomware Breaches at Least 60 Organizations

Ransomware-as-a-service (RaaS) group BlackCat has already compromised 60 entities worldwide, according to a FLASH warning issued by the Federal Bureau of Investigation (FBI) this week.

The report confirms that the recently established BlackCat group are typically requesting ransom payments of several million dollars, and are carrying out their attacks using Rust, a highly advanced coding language.

The FLASH warning – which is one of a series of reports the FBI is making about the rise of ransomware cases – highlights the need for business vigilance in the face of increasingly sophisticated cyberattacks.

FBI Issues a 'FLASH Alert' About BlackCat Ransomware

BlackCat, also known as ALPHV, are a ransomware family that have previously been linked to the defunct RaaS groups BlackMatter, DarkSide, and REvil.

In a FLASH warning released by the FBI this week, the bureau warned that as of March 2022 the criminal gang have successfully breached at least 60 global servers.

While the cost of each ransom request varies, the report revealed that the threat actors are typically demanding payments of up to several million dollars in Monero or Bitcoin. They are, however, accepting payments below the initial amount if organizations refuse or are unable to pay the sum in full.

According to a recent threat assessment by the cyber security company Palo Alto Networks, BlackCat's victims are not limited to one country, with successful attacks being leveraged on organizations from the Philippines to Europe.

However, the RaaS group is appearing to give particular focus to U.S. organizations, with most successful attacks being carried out on home soil.

BlackCat: A Uniquely Sophisticated Threat

While these ransomware attacks may sound alarming, security breaches are nothing new. In fact, research from Atlas VPN reveals that almost six billion online accounts are targeted in data breaches each year.

However, while cyberattacks are indeed becoming the new normal, BlackCat and its steadily widening reach should spark concern among U.S. businesses for a number of reasons.

Firstly, just like its predecessors, BlackMatter and DarkSide, BlackCat's ransomware software, which carries the same name, is written in Rust. Rust is a programming language that can run on embedded devices and can integrate with other languages.

According to the FBI's FLASH warning, this coding language is capable of inflicting greater damage because it's harder to detect and it offers 'improved performance and reliable concurrent processing'.

“BlackCat/ALPHV steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored.” – FBI's FLASH report

And other cybersecurity experts agree, with Carolyn Crandall, chief security advocate at Attivo Networks, attesting that BlackCat's new code is particularly effective at circumventing endpoint defense systems.

The FBI also revealed that BlackCat is able to leverage Windows and Microsoft's tools to deploy the ransomware. From here, the group is able to disable security features within the victim's network, and edit, delete or seize their compromised data.

Ransomware Attacks are Rising Across the Board

Unfortunately, BlackCat's ransomware attacks aren't happening in isolation.

According to security firm Sophos, 37% of businesses were hit by ransomware attacks in 2021, with bigger organizations appearing to be at a greater risk.

And the rate of breaches doesn't seem to be slowing down, with the FBI revealing that ransomware groups are upping the ante by targeting public services including utilities, emergency services, and education.

What's more, earlier this week, the FBI also announced that U.S. agriculture is the latest sector to be targeted by the malware.

What Advice does the FBI Have for American Businesses?

For organizations impacted by BlackCat, getting struck is more than just a case of bad luck. Fortunately, for U.S. organizations looking to evade breaches, the FBI has issued a set of preventative safety measures to follow.

Here are just a few tips to adhere to if you want to protect your business from BlackCat and similar ransomware groups.

  • Use multi-factor authentication where possible
  • Install and frequently update anti-malware and antivirus software across business networks
  • Avoid using unsecured networks and use virtual private networks (VPN)
  • Regularly change passwords to network systems and use different passwords across accounts
  • Review domain controllers for new or unrecognized user accounts
  • If compromised, avoid paying ransoms – payment will not guarantee files will be recovered
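The domain controller review in the list above is the one item a defender can turn into a repeatable check. The following PowerShell script is an added example, not code from the article or from the FBI alert; it assumes the RSAT ActiveDirectory module is installed, that the caller has read access to the domain, and that a 30-day look-back window and the four built-in privileged groups named below are the right review scope for the organization.

```powershell
# Added example (not from the article or the FBI alert): list recently created
# Active Directory user accounts and the current members of privileged groups,
# so that any account nobody recognizes can be investigated.
# Assumes the RSAT ActiveDirectory module and domain read access.
Import-Module ActiveDirectory

# Assumption: accounts created in the last 30 days deserve a manual look.
$lookbackDays = 30
$since = (Get-Date).AddDays(-$lookbackDays)

# Recently created user accounts, disabled ones included, with context fields
# that help decide whether the account is expected.
$recentUsers = Get-ADUser -Filter { whenCreated -ge $since } `
    -Properties whenCreated, Enabled, LastLogonDate, Description |
    Sort-Object whenCreated -Descending

Write-Host "User accounts created since $($since.ToShortDateString()):"
$recentUsers |
    Format-Table Name, SamAccountName, Enabled, whenCreated, LastLogonDate, Description -AutoSize

# Privileged group membership: every member listed here should be expected
# and documented; an unexplained entry is a finding in its own right.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
foreach ($group in $privilegedGroups) {
    Write-Host "`nMembers of '$group':"
    Get-ADGroupMember -Identity $group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties whenCreated, Enabled |
        Format-Table Name, SamAccountName, Enabled, whenCreated -AutoSize
}

# Keep a record of each run so the next review can be compared against it.
# Assumption: the current directory is an acceptable place for the export.
$recentUsers | Export-Csv -Path ".\recent-users.csv" -NoTypeInformation
```

Run it on a schedule from a management workstation and compare the exported CSV with the previous run; the interesting lines are accounts created outside the normal provisioning process and privileged-group members that no ticket or change record explains.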