BlackCat ransomware targeting US, European retail, construction and transportation orgs

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.zdnet.com/article/blackcat-ransomware-targeting-us-european-retail-construction-and-transportation-orgs/
Palo Alto said that as of December 2021, BlackCat has the 7th largest number of victims listed on their leak site among ransomware groups that Unit 42 tracks.

Palo Alto Networks' Unit 42 released a deep-dive into the BlackCat ransomware, which emerged in mid-November 2021 as an innovative ransomware-as-a-service (RaaS) group leveraging the Rust programming language and offering affiliates 80-90% of ransom payments.

In December, the ransomware family, also known as ALPHV, racked up at least 10 victims, giving it the seventh-largest number of victims listed on their leak site among ransomware groups tracked by Unit 42.

Doel Santos, threat intelligence analyst with Unit 42, told ZDNet the group has already attacked a wide range of industries, including construction and engineering, retail, transportation, commercial services, insurance, machinery, professional services, telecommunication, auto components and pharmaceuticals.

Last week, Italian fashion brand Moncler was revealed to be a BlackCat victim from December.
In addition to being written in Russian and coded in the Rust programming language, the malware stood out to Santos for a number of other reasons.
Click to expand...
 
  • Like
  • Wow
Reactions: struppigel, [correlate], Venustus and 3 others
LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520

Who Wrote the ALPHV/BlackCat Ransomware Strain? – Krebs on Security

krebsonsecurity.com

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “BlackCat“), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language. In this post, we’ll explore some of the clues left behind by a developer who was reputedly hired to code the ransomware variant.
Click to expand...
 
  • Like
Reactions: struppigel, [correlate], Gandalf_The_Grey and 1 other person
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide. Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive data (and threatening to release it publicly), and encrypting systems. But BlackCat goes one stage further and also threatens to launch a distributed denial-of-service (DDoS) attack if its demands are not met.

This technique is known as “triple extortion.”

Furthermore, BlackCat has gained traction since late 2021 by offering payouts to its affiliates of up to 90%.
Click to expand...
The use of Rust reduces the chances of the ransomware executable containing bugs that security researchers may be able to exploit, as well as making it fast to find and encrypt files on targeted networks, and able to run on Windows and Linux systems.
Click to expand...
www.tripwire.com

BlackCat ransomware - what you need to know

BlackCat is a relatively new RaaS operation, which has been aggressively recruiting affiliates and targeting organisations worldwide.
www.tripwire.com www.tripwire.com
 
  • Like
Reactions: struppigel, [correlate], Andy Ful and 2 others
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Like
    • +Reputation
    • Applause
Security News US State Department offers millions for tips on ALPHV and Hive gangs
Replies
1
Views
1,865
Security News
vtqhtr413
vtqhtr413
silversurfer
    • Like
    • +Reputation
    • Thanks
New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets
Replies
0
Views
1,086
News Archive
silversurfer
silversurfer
MuzzMelbourne
    • Like
    • +Reputation
New Buhti ransomware gang uses leaked Windows, Linux encryptors
Replies
0
Views
1,317
News Archive
MuzzMelbourne
MuzzMelbourne

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top