BlackCat Ransomware Overview

BlackCat (aka ALPHV) is a ransomware family that surfaced in mid-November 2021 and quickly gained notoriety for its sophistication and innovation. Operating a ransomware-as-a-service (RaaS) business model, BlackCat was observed soliciting for affiliates in known cybercrime forums, offering to allow affiliates to leverage the ransomware and keep 80-90% of the ransom payment. The remainder would be paid to the BlackCat author.

BlackCat has taken an aggressive approach to naming and shaming victims, listing more than a dozen on their leak site in a little over a month. The largest number of the group's victims so far are U.S. organizations, but BlackCat and its affiliates have also attacked organizations in Europe, the Philippines and other locations. Victims include organizations in the following sectors: construction and engineering, retail, transportation, commercial services, insurance, machinery, professional services, telecommunication, auto components and pharmaceuticals.

Use of BlackCat ransomware has grown quickly for a variety of reasons (for comparison, AvosLocker had only listed a handful of victims publicly within two months of becoming known). Effective marketing to affiliates is a likely factor – in addition to offering an enticing share of ransom payments, the group has solicited affiliates by posting ads on forums such as Ransomware Anonymous Market Place (RAMP).

The malware itself is coded in the Rust programming language. Though this is not the first piece of malware to use Rust, it is one of the first, if not the first, piece of ransomware to use it. By leveraging this programming language, the malware authors are able to easily compile it against various operating system architectures. Given its numerous native options, Rust is highly customizable, which facilitates the ability to pivot and individualize attacks.

The threat actors leveraging BlackCat, often referred to as the "BlackCat gang," utilize numerous tactics that are becoming increasingly commonplace in the ransomware space. Notably, they use multiple extortion techniques in some cases, including the siphoning of victim data before ransomware deployment, threats to release data if the ransom is not paid and distributed denial-of-service (DDoS) attacks.

Due to the surge of this malicious activity, we've created this threat assessment for overall awareness. Palo Alto Networks detects and prevents BlackCat ransomware with the following products and services: Cortex XDR and Next-Generation Firewalls (including cloud-delivered security subscriptions such as WildFire). Full visualization of the techniques observed, relevant courses of action and IOCs can be viewed in the Unit 42 ATOM viewer.

Types of Attacks Covered: Cybercrime, Conti, LockBit 2.0, Hive, Avos

Acknowledgments