FBI warns of BlackCat ransomware that has breached 60 entities worldwide

The FBI has sent a high alert on the BlackCat ransomware-as-a-Service, as the variant have affected at least 60 entities across the world from November 2021 to March 2022 .

The BlackCat ransomware has been also known by the name ALPHV and Noberus, the ransomware is coded in the Rust programming language that is known by the memory safe and improved the performance gradually.

Relation between BlackMatter and BlackCat ransomware

The developers and money launderers of BlackCat/APLHV are connected with BlackMatter/DarkSide as they have deeper connections with the ransomware universe, said the FBI in their advisory published last week.

The update from FBI came after reports from Kaspersky and Cisco Talos revealed the connection between BlackCat ransomware and BlackMatter ransomware families, including the use of altered version of data exfiltration tool that has been already seen in BlackMattter behavior.

Key highlights on BlackCat ransomware and its modus operandi

Rust comes with some development-based advantages. However, the hackers also take advantage of lower detection ratio from static analysis tools as per the AT&T Alien Labs mentioned earlier. BlackCat is known for theft of victim data before encryption of the files using credential stealing malware to access the target system and its data.

As per Forescout’s Vedere Labs, an internet-exposed SonicWall firewall was penetrated to gain access to the network and then was later proceeded for encryption of VMware ESXi virtual farm. The BlackCat ransomware deployment has seen first on March 17, 2022. The victims are asked not to pay the ransoms and ensure they report ransomware incidents to the law enforcement agency as and when they are aware of it.

As per the FBI advisory, organizations are requested to review their domain controllers, workstations, active directories and servers for new or unrecognized user accounts, offline backups, implement network segmentation, apply software updates, ensure MFA data security and compliance protocols.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter. You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.