BlackCat ransomware targeting US, European retail, construction and transportation orgs

LASER_oneXM

Palo Alto said that as of December 2021, BlackCat has the 7th largest number of victims listed on their leak site among ransomware groups that Unit 42 tracks.

Palo Alto Networks' Unit 42 released a deep-dive into the BlackCat ransomware, which emerged in mid-November 2021 as an innovative ransomware-as-a-service (RaaS) group leveraging the Rust programming language and offering affiliates 80-90% of ransom payments.

In December, the ransomware family, also known as ALPHV, racked up at least 10 victims, giving it the seventh-largest number of victims listed on their leak site among ransomware groups tracked by Unit 42.

Doel Santos, threat intelligence analyst with Unit 42, told ZDNet the group has already attacked a wide range of industries, including construction and engineering, retail, transportation, commercial services, insurance, machinery, professional services, telecommunication, auto components and pharmaceuticals.

Last week, Italian fashion brand Moncler was revealed to be a BlackCat victim from December.
In addition to being written in Russian and coded in the Rust programming language, the malware stood out to Santos for a number of other reasons.
 

LASER_oneXM


In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat”), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.
 

upnorth

BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive data (and threatening to release it publicly), and encrypting systems. But BlackCat goes one stage further and also threatens to launch a distributed denial-of-service (DDoS) attack if its demands are not met.

This technique is known as “triple extortion.”

Furthermore, BlackCat has gained traction since late 2021 by offering payouts to its affiliates of up to 90%.
The use of Rust reduces the chances of the ransomware executable containing bugs that security researchers may be able to exploit, as well as making it fast to find and encrypt files on targeted networks, and able to run on Windows and Linux systems.