[MART] - Daily Diary #445 - Meet BlackCat Ransomware

CTAS-MAT ctas-mat at appgate.com
Thu Feb 3 21:18:52 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

02/03/2022 - Diary entry #445:

BlackCat, also known as ALPHV, is a new ransomware group that emerged in November 2021 and is likely a rebrand of BlackMatter and DarkSide. BlackCat quickly gained notoriety in the ransomware-as-a-service (RaaS) scene by claiming many victims and recruiting affiliates formerly involved in other known ransomware operations such as REvil, BlackMatter, and DarkSide, offering them 80-90% of ransom payments.

Operating on a triple-extortion model, BlackCat publishes data stolen from its victims on its wall of shame, threatening to leak data and also to launch a distributed denial-of-service (DDoS) attack if the ransom is not paid. Its wall-of-shame blog lists 25 victims whose data has been published since November 30th, 2021. Its affiliates have been asking for ransom amounts of up to $14 million, offering discounts if the ransom is paid before the established time.

BlackCat's malware is written in Russian and is the first ransomware strain developed in the Rust programming language. Rust was designed for performance and safety, offers efficient encryption algorithm capabilities, and allows the threat actors to easily compile the malware to target different operating system architectures. BlackCat contains hardcoded credentials used for lateral movement and implements several evasion techniques to disable security solutions, backup software, or any application that may disturb the encryption process.

We expect BlackCat to claim more victims as its operation attracts more affiliates and media attention, posing as another player in the RaaS business.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
C: +55 11 97467 9549
