Known for its unconventional methods and use of advanced extortion techniques, BlackCat has quickly risen to prominence in the cybercrime community. As this ransomware group forges its way to gain more clout, we examine its operations and discuss how organizations can shore up their defenses against it.

(Last update: December 21, 2022)

First observed in mid-November 2021 by researchers from the MalwareHunterTeam, BlackCat (aka AlphaVM, AlphaV, or ALPHV) swiftly gained notoriety for being the first major professional ransomware family to be written in Rust, a cross-platform language that enables malicious actors to customize malware with ease for different operating systems like Windows and Linux, which lets them target a wide range of enterprise environments. Since then, BlackCat ransomware has frequently made the headlines for its successive attacks on high-profile targets and its use of triple extortion, which has given the group a distinct competitive edge over other RaaS operators. Aside from exposing exfiltrated data, ransomware actors that use triple extortion threaten to launch distributed denial-of-service (DDoS) attacks on their victims' infrastructure to coerce them to pay the ransom.

According to the Federal Bureau of Investigation's (FBI) advisory published on April 19, 2022, several developers and money launderers for BlackCat have links to two defunct ransomware-as-a-service (RaaS) groups, DarkSide and BlackMatter, suggesting that they have been leveraging established networks and extensive experience in the RaaS business. Reports published in late September 2022 noted the group's use of an upgraded version of the ExMatter data exfiltration tool and of Eamfo, malware designed to steal credentials stored by Veeam backup software, according to threat researchers.

Now that BlackCat is deemed a significant threat, it is incumbent on organizations to familiarize themselves with the tactics, techniques, and procedures (TTPs) that the BlackCat gang employs.