BlackCat Ransomware Gang Hit Over 60 Organizations Worldwide
In a TLP:WHITE flash alert released on Wednesday, the Federal Bureau of Investigation (FBI) disclosed that the BlackCat ransomware gang had already compromised about 60 entities worldwide.
The campaign was said to have spanned November 2021 to March 2022. During the hacking spree, the group, also known as ALPHV, successfully used Rust to carry out its objective and is described by the FBI as the first to do so.
The BlackCat ransomware itself is also highly customizable and supports multiple encryption methods, which makes it more potent. It is also adaptable to almost all corporate environments, and the success of recent campaigns affirmed this fact.
More on the BlackCat Ransomware Gang
ALPHV is a ransomware-as-a-service (RaaS) operation that was first detected in November 2021. The group tries to blackmail victims into paying ransoms with threats of DDoS (distributed denial of service).
Distributed denial-of-service (DDoS) attacks are a subclass of denial-of-service attacks that involve the use of multiple connected computers, known as a botnet, which are used to overwhelm a target website with fake traffic.
The cybercriminals steal data from the victim before deploying the ransomware, including company or client data stored in the cloud, then request ransom payments in the millions from the victims.
Since the discovery of BlackCat/ALPHV, there have been 194 submissions to ID Ransomware, an online tool that helps victims of ransomware identify which ransomware has encrypted their files. The group has also published on its site data it has stolen from at least 40 organizations.
After breaching the target’s network, they use various methods to infect targeted systems, including compromised RDP, phishing attacks, exploiting vulnerabilities and stealing credentials. The gang is said to have deployed the same tactics in the attack that affected oil transport and companies in February.
The FBI linked the BlackCat group to DarkSide. It claimed that many of the developers and money launderers for ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations.