The U.S. Federal Bureau of Investigation (FBI) has warned of attacks by the BlackCat ransomware-as-a-service (RaaS), which had targeted at least 60 organizations worldwide as of March 2022 since its emergence last November.
BlackCat (also known as ALPHV) is a professional cybercrime group that writes its ransomware in the Rust programming language and operates under the Ransomware-as-a-Service (RaaS) model. The group has been recruiting affiliates from other ransomware groups and targeting organizations worldwide.
Rust is a programming language designed for performance and safety, especially safe concurrency. BlackCat is the first malware ever written in Rust. Rust is a cross-platform language, allowing developers to target several operating systems with the same code. Beyond what Rust itself offers, the attackers also benefit from a lower detection rate by static analysis tools, since the language is not widely used.
Other ransomware groups extort money from targeted organizations or individuals by encrypting systems, stealing sensitive data and threatening to release it publicly. BlackCat goes further: when victims refuse to meet the ransom demands, it threatens to publish the sensitive data stolen from the compromised networks and/or to deploy Distributed Denial-of-Service (DDoS) attacks. This technique is known as “Triple Extortion.”
BlackCat has been offering its affiliates payouts of up to 80 to 90% of the ransom payment; once approved, affiliates are given access to a control panel that manages access.
BlackCat ransomware leverages previously compromised credentials to gain access to the victim system. Deployment of the malware makes use of PowerShell scripts, together with Cobalt Strike, and disables security features within the victim's network. Once the malware establishes access, it compromises Active Directory (AD) user and admin accounts. The malware then uses the Windows Task Scheduler to configure Group Policy Objects to execute
Before executing the ransomware, BlackCat steals the victim's data, including information from cloud providers, and leverages Windows scripting to deploy the ransomware and to compromise additional hosts.
BlackCat ransomware encrypts files and renames the encrypted files by appending a specific extension; the same extension appears in the file name pattern “GET IT BACK-[extension]-FILES.txt” (for example, “GET IT BACK-bzeakde-FILES.txt”).
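As an added example that is not part of the original post, the following Python script uses the naming relationship just described for incident triage: it finds files matching the note pattern, reads the per-victim extension token out of their names, and lists the encrypted files carrying that extension, grouped by directory. The path listing is constructed sample data, and the note pattern is assumed to be exactly the one quoted above.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# File name pattern quoted above: the [extension] placeholder is replaced by
# the per-victim extension that is appended to every encrypted file.
# (Assumed to be exact; adjust if a variant uses a different prefix.)
NOTE_PATTERN = re.compile(r"^GET IT BACK-(?P<ext>[A-Za-z0-9]+)-FILES\.txt$")


def note_extensions(paths):
    """Return the set of extension tokens found in note-style file names."""
    exts = set()
    for p in paths:
        m = NOTE_PATTERN.match(PurePosixPath(p).name)
        if m:
            exts.add(m.group("ext"))
    return exts


def triage(paths):
    """Map each discovered extension token to the files renamed with it,
    grouped by directory, so responders can scope the encryption quickly."""
    hits = {}
    for ext in note_extensions(paths):
        by_dir = defaultdict(list)
        for p in paths:
            pp = PurePosixPath(p)
            # Encrypted files end in ".<ext>"; a file such as "x.<ext>.bak"
            # or the note itself does not match and is left out.
            if pp.suffix == f".{ext}":
                by_dir[str(pp.parent)].append(pp.name)
        hits[ext] = dict(by_dir)
    return hits


# Constructed sample listing (not taken from a real incident).
SAMPLE_PATHS = [
    "/srv/share/GET IT BACK-bzeakde-FILES.txt",
    "/srv/share/report.docx.bzeakde",
    "/srv/share/finance/q1.xlsx.bzeakde",
    "/srv/share/finance/GET IT BACK-bzeakde-FILES.txt",
    "/srv/share/readme.txt",
    "/home/alice/notes.bzeakde.bak",
]

if __name__ == "__main__":
    for ext, dirs in triage(SAMPLE_PATHS).items():
        total = sum(len(names) for names in dirs.values())
        print(f"extension .{ext}: {total} encrypted files in {len(dirs)} directories")
```

Without a note file present, no extension token is learned and the report is empty, which is deliberate: the token is per victim and must come from the incident itself.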
The batch and PowerShell scripts were observed:
One of the biggest challenges in cybersecurity today is to quickly detect threats in the network and control the damage. Cloud Destinations enables you with next-gen vulnerability management that quickly detects issues and manages your security controls effectively. Please reach out to email@example.com for any business-related queries.