What is this BlackCat thing I’ve heard about?

BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide.

What makes BlackCat different from other ransomware-as-a-service providers?

Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive data (and threatening to release it publicly), and encrypting systems. But BlackCat goes one stage further and also threatens to launch a distributed denial-of-service (DDoS) attack if its demands are not met.

This technique is known as “triple extortion.”

Furthermore, BlackCat has gained traction since late 2021 by offering payouts to its affiliates of up to 90%.

So criminals who previously worked with the REvil, BlackMatter, and DarkSide ransomware gangs may be lured into using BlackCat instead?

Precisely.

And the potential financial gains to be made by BlackCat ransomware affiliates may be further boosted by the fact that the sophisticated BlackCat ransomware is written in the Rust programming language. The use of Rust reduces the chances of the ransomware executable containing bugs that security researchers may be able to exploit, as well as making it fast to find and encrypt files on targeted networks, and able to run on Windows and Linux systems.

So, it’s not just Windows computers that could be hit?

Correct. Which means that there is potential for even more computer systems within an organisation to be hit – including some that IT administrators may have previously imagined would have been avoided.

Sounds nasty. Have there been any high-profile attacks linked to the BlackCat ransomware group?

ZDNet reports that BlackCat was responsible for last weekend’s attack on two German oil companies, causing serious disruption for hundreds of gas stations, and caused one of the largest oil and gas companies to …