BlackCat, also called ALPHV, is a ransomware group that gained notoriety in November 2021 for its innovative deployment of ransomware attacks. BlackCat also operates as a for-hire service, catering to malicious actors looking for someone to carry out attacks on their behalf. The group has been loud and proud when taking credit for its attacks, shaming victims on its leak website, and the largest number of BlackCat victims are located in the U.S.
Victims include companies in various sectors, from telecommunications to insurance, pharmaceuticals, and even construction and engineering.
What is Ransomware as a Service (RaaS)?
Ransomware is malware that uses encryption to hold the victim’s information for ransom. A victim is completely blocked from accessing company applications, files, and even databases. To take back control, victims must pay the demanded ransom, or their network will remain paralyzed.
Ransomware-as-a-Service (RaaS) allows bad actors to hire a malicious provider, such as BlackCat, to deploy such an attack on their behalf, for a price.
How is BlackCat different from other RaaS providers?
Like other groups that provide RaaS options, BlackCat extorts money from organizations by stealing their data and threatening to release it publicly if they don’t pay up.
But BlackCat goes one step further and threatens to launch a Distributed Denial-of-Service (DDoS) attack if the ransom is not paid. A DDoS attack is a malicious attempt to disrupt the normal traffic of the targeted organization by overwhelming it with Internet traffic. Adding this threat to encryption and data leaks is known as triple extortion.
BlackCat is known for actively searching for affiliates in cybercrime forums, offering affiliates the ability to leverage the ransomware and keep up to 90% of the ransom payment, with BlackCat claiming the remaining profits.
One of the scarier facts about BlackCat is that it is the first ransomware group to have successfully attacked victims using a legitimate and trusted programming language, Rust.
What is Rust?
Rust is a programming language that started as a pet project by Mozilla employee Graydon Hoare in 2006. The Mozilla Foundation began officially sponsoring the project three years later, and in 2021 the Rust Foundation was created by a reputable group that included Microsoft, Google, Mozilla, and Amazon to continue development.
Rust has been voted the “most beloved” programming language in Stack Overflow’s annual developer survey for the last six years. This makes it a natural choice for the RaaS group to use in its attacks.
Severity of the BlackCat Threat
The FBI issued a flash warning earlier this year regarding the activities of BlackCat, which states that the group’s ransomware has been used to attack at least 60 organizations globally so far.
The cybercriminal gang has also targeted several high-profile victims for ransom, including an aviation services company called Swissport and German oil companies Oiltanking and Mabanaft.
Employing Ransomware Protection Techniques
It’s not easy to build ransomware protection that can prevent every cyberattack. However, a proper multi-layer ransomware protection solution that can detect and block malware with threat intelligence, machine learning, and next-gen antivirus capabilities can help prevent most ransomware attacks.
Dealing with these malicious attacks proactively helps prevent such gaps in the future.
Name: Michael Bertini
Job Title: Consultant