Cybersecurity: BlackCat Ransomware Attacks Over 60 Companies Worldwide
The FBI has issued a warning about the BlackCat ransomware-as-a-service (RaaS), which it claims has victimized at least 60 entities worldwide as of March 2022, since its discovery last November.
The ransomware, also known as ALPHV and Noberus, is notable for being the first malware written in the Rust programming language, which is known to be memory safe and offer improved performance.
“Many of the BlackCat/ALPHV developers and money launderers are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations,” the FBI said in a recent advisory.
The announcement comes just weeks after twin reports from Cisco Talos and Kaspersky uncovered links between the BlackCat and BlackMatter ransomware families, including the use of a modified version of a data exfiltration tool known as Fendr that was previously only seen in BlackMatter-related activity.
“Aside from the development advantages Rust provides, attackers also benefit from a lower detection ratio from static analysis tools, which aren’t typically adapted to all programming languages,” AT&T Alien Labs noted earlier this year.
BlackCat’s method of operation, like that of other RaaS groups, involves the theft of victim data prior to the execution of the ransomware, with the malware frequently leveraging compromised user credentials to gain initial access to the target system.
In a BlackCat ransomware incident investigated by Forescout’s Vedere Labs, an internet-exposed SonicWall firewall was breached to gain initial network access before moving to and encrypting a VMware ESXi virtual farm. The ransomware attack is said to have occurred on March 17, 2022.
Aside from advising victims to report ransomware incidents as soon as possible, the law enforcement agency also stated that paying ransoms is not encouraged because there is no guarantee that encrypted files will be recovered. It did, however, acknowledge that victims may be forced to comply with such demands in order to protect shareholders, employees, and customers.
The FBI advises organizations to check domain controllers, servers, workstations, and Active Directory for new or unknown user accounts; maintain offline backups; implement network segmentation; apply software updates; and secure accounts with multi-factor authentication.
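The first of those recommendations, checking domain controllers, servers and workstations for new or unknown user accounts, is easiest to keep up when it is scripted against a known baseline. The following Python script is an added example and is not from the FBI advisory or from any vendor named in the article. It reads a constructed, simplified event export (the `timestamp|host|EventID|key=value` layout and the field names `user`, `group` and `actor` are assumptions made for this example; real Windows Security log exports use different field names), flags every account-creation event (Event ID 4720) and every addition to a privileged group (Event IDs 4728 and 4732), and marks accounts that are absent from the baseline.

```python
"""Flag new or unknown user accounts in a simplified Windows Security event export.

Added example, not code from the FBI advisory or any vendor in the article.
Assumptions: events arrive one per line as "timestamp|host|EventID|key=value ...";
field names (user, group, actor) are simplified and differ from real exports.
"""
import shlex
from dataclasses import dataclass

# Constructed sample export (not real telemetry). Event IDs used:
#   4720 = user account created, 4728 = member added to a global group,
#   4732 = member added to a local group, 4624 = successful logon (ignored here).
SAMPLE_EVENTS = """\
2022-03-17T02:11:05|DC01|4720|user=svc_backup2 actor=jdoe
2022-03-17T02:12:40|DC01|4732|user=svc_backup2 group=Administrators actor=jdoe
2022-03-17T02:13:10|DC01|4728|user=svc_backup2 group="Domain Admins" actor=jdoe
2022-03-17T08:30:00|WS-104|4720|user=intern_april actor=hr_admin
2022-03-17T09:00:00|DC01|4624|user=jdoe logontype=10
"""

# Baseline of accounts the organisation expects to exist (constructed).
# Note the legitimate "svc_backup" versus the look-alike "svc_backup2" in the sample.
KNOWN_ACCOUNTS = {"jdoe", "hr_admin", "intern_april", "svc_backup"}

# Group memberships that deserve a review whenever they change.
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins"}


@dataclass
class Finding:
    timestamp: str
    host: str
    account: str
    reason: str


def parse_event(line):
    """Split one export line into (timestamp, host, event_id, fields dict)."""
    ts, host, event_id, details = line.split("|", 3)
    # shlex handles quoted values such as group="Domain Admins".
    fields = dict(part.split("=", 1) for part in shlex.split(details))
    return ts, host, int(event_id), fields


def review_events(log_text, known_accounts):
    """Return findings for account creations and privileged-group additions."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, event_id, f = parse_event(line)
        account = f.get("user", "")
        if event_id == 4720:
            reason = "account created"
            if account not in known_accounts:
                reason += " (not in baseline)"
            findings.append(Finding(ts, host, account, reason))
        elif event_id in (4728, 4732) and f.get("group") in PRIVILEGED_GROUPS:
            findings.append(Finding(ts, host, account, f"added to {f['group']}"))
    return findings


def unknown_accounts(findings, known_accounts):
    """Accounts that appeared in findings but are not in the baseline."""
    return sorted({x.account for x in findings if x.account not in known_accounts})


if __name__ == "__main__":
    results = review_events(SAMPLE_EVENTS, KNOWN_ACCOUNTS)
    for r in results:
        print(f"{r.timestamp} {r.host:<7} {r.account:<14} {r.reason}")
    print("unknown accounts:", unknown_accounts(results, KNOWN_ACCOUNTS))
```

Two design points matter in practice: the baseline is the part that must be maintained, since a script that only lists creations will drown the reviewer in routine HR onboarding, and the look-alike name (`svc_backup2` beside a legitimate `svc_backup`) is exactly the sort of entry a baseline comparison catches where a manual scroll through the user list does not.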