BlackCat ransomware – what you need to know

4 years ago Graham Cluley

What is this BlackCat thing I’ve heard about?

BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide.

What makes BlackCat different from other ransomware-as-a-service providers?

Like other ransomware groups, BlackCat extorts money from targeted organisations by stealing sensitive data (and threatening to release it publicly), and encrypting systems. But BlackCat goes one stage further and also threatens to launch a distributed denial-of-service (DDoS) attack if its demands are not met.

This technique is known as “triple extortion.”

Furthermore, BlackCat has gained traction since late 2021 by offering payouts to its affiliates of up to 90%.

So criminals who previously worked with the REvil, BlackMatter, and DarkSide ransomware gangs may be lured to using BlackCat instead?

Precisely.

And the gains on offer to BlackCat affiliates are helped by the fact that the BlackCat ransomware is written in the Rust programming language. Rust's memory-safety guarantees reduce the chance that the ransomware executable contains the kind of bugs security researchers might be able to exploit; as a compiled language it is fast at finding and encrypting files across a targeted network; and the same code base can be built for both Windows and Linux systems.

So, it’s not just Windows computers that could be hit?

Correct. That means even more systems within an organisation could be hit, including Linux servers that IT administrators may previously have assumed were out of reach.

Sounds nasty. Have there been any high-profile attacks linked to the BlackCat ransomware group?

ZDNet reports that BlackCat was responsible for last weekend’s attack on two German oil companies, which caused serious disruption at hundreds of gas stations and forced Shell to reroute supplies.

How much money are BlackCat asking for?

That will vary depending on the target, but some companies have reportedly been the recipients of demands of up to $14 million.

Discounts are available for companies who pay up early.

That’s kind of the cybercriminals! Do we know who is responsible?

It seems likely that BlackCat has been born out of the ashes of other ransomware groups, some of which have been feeling the heat lately because of arrests and law enforcement action against their infrastructure.

Investigative cybersecurity reporter Brian Krebs has published an interesting account of his contact with online criminals who may be associated with BlackCat.

What can be said with some certainty is that the group is Russian-speaking.

So how can my company protect itself from the BlackCat ransomware?

It’s the same advice as for other ransomware, which includes:

  • making secure offsite backups that are kept offline or otherwise unreachable from the production network, and regularly testing that they can actually be restored.
  • running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
  • using hard-to-crack, unique passwords to protect sensitive data and accounts, and enabling multi-factor authentication.
  • encrypting sensitive data wherever possible.
  • educating and informing staff about the risks and the methods cybercriminals use to launch attacks and steal data.
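The first item on that list is the one that decides whether an organisation can recover without paying, and a backup is only useful if it is intact and recent when you reach for it. The script below is an added example, not code from the original article or from Tripwire: it records a SHA-256 manifest when a backup is taken and later checks the backup copy against that manifest, flagging files that were overwritten (as an encryptor does), renamed (as a ransomware extension change does), or that are simply too old to be worth restoring. The manifest format, function names, age threshold and sample files are all assumptions made for the example.

```python
"""Verify an offline backup set against a manifest taken when the backup was made.

Added example (not the article's or Tripwire's code). Assumptions:
- the manifest is a dict {"created": unix_time, "files": {relative_path: sha256}}
  stored separately from both the live data and the backup media;
- a backup older than MAX_BACKUP_AGE_SECONDS is treated as stale.
"""
import hashlib
import tempfile
import time
from pathlib import Path

MAX_BACKUP_AGE_SECONDS = 7 * 24 * 3600  # assumption: weekly backup cadence


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Hash every regular file under root; keys are POSIX-style relative paths."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            files[p.relative_to(root).as_posix()] = sha256_file(p)
    return {"created": int(time.time()), "files": files}


def verify_backup(root: Path, manifest: dict, now=None,
                  max_age: int = MAX_BACKUP_AGE_SECONDS) -> dict:
    """Compare the backup on disk with the manifest and report every discrepancy."""
    now = time.time() if now is None else now
    current = build_manifest(root)["files"]
    expected = manifest["files"]
    missing = sorted(set(expected) - set(current))        # deleted or renamed files
    unexpected = sorted(set(current) - set(expected))     # e.g. renamed/encrypted copies
    corrupted = sorted(p for p in expected
                       if p in current and current[p] != expected[p])  # content changed
    stale = (now - manifest["created"]) > max_age
    return {
        "ok": not (missing or unexpected or corrupted or stale),
        "missing": missing,
        "unexpected": unexpected,
        "corrupted": corrupted,
        "stale": stale,
    }


def demo() -> dict:
    """Run the check against a constructed backup set: clean, then stale, then tampered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample data, not real backup content.
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(b"CREATE TABLE customers (id INT);\n")
        (root / "config.yaml").write_bytes(b"retention: 30d\n")
        manifest = build_manifest(root)

        clean = verify_backup(root, manifest, now=manifest["created"] + 3600)
        stale = verify_backup(root, manifest, now=manifest["created"] + 30 * 24 * 3600)

        # Simulate what an encryptor does to a backup it can reach:
        # overwrite one file in place and rename another with a new extension.
        (root / "db" / "customers.sql").write_bytes(b"\x00\x17 ciphertext \x00")
        (root / "config.yaml").rename(root / "config.yaml.locked")
        tampered = verify_backup(root, manifest, now=manifest["created"] + 3600)

    return {"clean": clean, "stale": stale, "tampered": tampered}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Keeping the manifest off the backup media matters: if the attacker can rewrite the files, they can rewrite a manifest stored beside them, and the check would pass on a backup that no longer restores.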

If my company has been unlucky enough to have fallen victim to BlackCat, should we pay the ransom?

That’s a decision that only your company can make. The more companies that pay a ransom, the more likely it is that criminals will launch similar attacks in the future.

At the same time, your business may feel it has no choice but to make the difficult decision to pay if the alternative is to risk the entire business.

Whatever your decision, you should inform law enforcement agencies of the incident and work with them to help them investigate who might be behind the attack.

And remember this: paying the ransom does not necessarily mean you have erased the security problems that allowed you to be infected in the first place. If you don’t find out what went wrong – and why – and fix it, then you could easily fall victim to further cybercrime attacks in the future.


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “BlackCat ransomware – what you need to know” appeared first on TripWire.

Source:TripWire – Graham Cluley
