FBI: BlackCat Ransomware Has Successfully Penetrated IT Systems At Least 60 Times Worldwide


BlackCat's ransomware executable is highly customizable and supports a number of encryption methods.

Ransomware gangs including BlackByte, Ragnar Locker, and AvosLocker have targeted, and in dozens of cases already breached, critical infrastructure organizations in the U.S. BlackCat/ALPHV “is the first ransomware group to successfully use RUST, a programming language that is considered more secure and offers improved performance and reliable concurrent processing,” the FBI said in its report.

BlackCat’s executable ransomware is also highly customizable and supports multiple encryption methods and options, making it easy to tailor attacks to an organization’s particular IT infrastructure. “Many of BlackCat/ALPHV’s developers and money launderers are affiliated with Darkside/Blackmatter, indicating that they have extensive networks and experience with ransomware operations,” the FBI added.

Does BlackMatter equal BlackCat?


The DarkSide RaaS operation launched in August 2020 and shut down in May 2021, after law enforcement moved against the gang following the Colonial Pipeline attack. The group relaunched as BlackMatter on July 31, 2021, but was forced to cease operations again in November 2021: Emsisoft had found a flaw in the ransomware's encryption and developed a decryptor, and the gang's servers were seized.

A month after BlackCat launched in November 2021, a connection between BlackCat and BlackMatter came to light. BlackCat claims to be merely a former DarkSide/BlackMatter affiliate that launched its own Ransomware-as-a-Service (RaaS) operation. Security researchers doubt this account, having found similarities in the two families' functions and configuration files.

The FBI has asked victims to report attacks and not pay ransoms. It is hoping for information that will help track down the threat actors behind the ransomware group, including “IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, or an example of an encrypted file,” according to the FBI.