Back Icon Back

cloud destinations



Sept 2022


  • Black Cat Ransomware
  • Ransomware
  • Data Breach
  • Cybersecurity
  • Data protection


8 Min Read

Black Cat Breaches Over 60 Organizantions Worldwide

The U.S. Federal Bureau of Investigation (FBI) has announced a new attacks as BlackCat ransomware-as-a-service (RaaS), which has been targeted at least 60 organizations worldwide between as of March 2022 since its emergence last November.

What is BlackCat Ransomeware?

A BlackCat (also known as ALPHV), is a professional cybercrime group that writes ransomware in Rust programming language and operates under Ransomware as a service(Raas)model.This group has been recruiting affiliates from other ransomware groups and targeting organizations worldwide.

What is Rust?

Rust is a programming language,designed for performance and safety, especially safe concurrency.Black cat is first malware ever written in Rust . It is a cross platform language, allowing developers to target several operating systems with the same code. Rust offers, the attackers also take advantage of a lower detection ratio from static analysis tools, which is not used by many programming languages.

What makes Blackcat different from other RAAS:

Other Ransomware groups extort money from targeted organizations or individual persons by stealing sensitive data by threatening to release it publicly and encrypting systems. But Blackcat threatened publishing sensitive data stolen from the compromised networks and/or deploying Distributed Denial-of-Service (DDoS) attacks - when victims refuse to meet the ransom demands.

This technique is known as “Triple Extortion.”

BlackCat has been offering payouts up to 80 to 90 % to their affiliates of the ransom payment, and once approved, are given access to a control panel that manages access.

How does it work?

BlackCat ransomware leverages already compromised client authorization to gain access to the victim system. The deployment of a malware program enhances PowerShell documents, in line with Cobalt Strike, and disables security features within the victim's network. Once the malware establishes access, it compromises Active Directory(AD) user and admin accounts. A malware program uses the Windows Task Scheduler to configure Group Policy Objectives to execute ransomware.

But before it could execute ransomware, BlackCat steals a victim's data, including information from cloud providers and leverages Windows scripting to deploy ransomware and to compromise additional hosts.

This BlackCat Ransomware encrypts the files and rename encrypted files by appending them with specific extensions.[For example “GET IT BACK-[extension]- FILES.txt” to GET IT BACK-bzeakde-FILES.txt"] www.

The batch and PowerShell scripts were observed:

  • start.bat - It launches the code to execute the arguments.
  • est.bat - It copies ransomware frome one location to many.
  • drag-and-drop-target.bat - It launches the ransomware executable for the MySQL Server
  • run.bat - It executes a callout command to an external server using SSH - file names may change depending on the company and systems affected
  • Runs1.ps1 – PowerShell script to disable Antivirus.

Set Basics Rights:

  • Reviewing domain , servers, workstations for new or unauthorized user accounts.
  • Regularly back up data,protect backup copies offline by using password. Ensure copies of critical files are not accessible for modification or deletion from system.
  • Install updates and patching OS, software, and firmware as soon as updates/patches are released.
  • Use Multi Factor Authentication(MFA).

CD Bytes!

One of the biggest challenges today in cybersecurity is to quickly detect the Threats in the network and control the damage. Cloud Destinations enables you with nextgen vulnerability management which quickly detects and manages your Security controls effectively. Please reach out to for any business related queries.

Back Icon Back Blogs

Related Posts

cloud destinations partners

United States

2603 Camino Ramon, Bishop Ranch 3, Suite 200, San Ramon, CA 94583, USA

cloud destinations partners


9850 King George Blvd, 2nd-5th Floor, Surrey, British Columbia, V3T 4Y3, Canada

cloud destinations partners


833A/ 3, Level 28, The Gardens South Tower, Mid Valley City, Lingkaran Syed Putra, 59200, Kuala Lumpur, Malaysia

cloud destinations partners


Block A2, First Floor, Span Ventures SEZ, Rathinam Tech Zone, Pollachi Main Road, Eachanari, Coimbatore – 641021

cloud destinations partners


WorkEZ Urban Square, Kandanchavadi, OMR, Kottivakkam, Rajiv Gandhi Salai, Chennai – 600041

Thank you for visiting our website! We use cookies to enhance your experience. These cookies help us remember your preferences, display relevant information, and ensure smooth functionality. By clicking “Accept,” you consent to our use of cookies. For more details, please see our Privacy Policy.