In 4 months, the Black Cat group hacked 60 organizations around the world

group Black Cat
Written by Emma Davis

Between November 2021 and March 2022, the Black Cat ransomware group (aka ALPHV) compromised the networks of at least 60 organizations around the world.

This was announced in a joint notice issued by the FBI cyber unit and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday, April 20.

According to Forbes, the notice is part of a series of similar reports on tactics, techniques and procedures, as well as indicators of compromise (IOC) ransomware identified by the FBI during investigations.

So, since the beginning of the year, the FBI has issued notices regarding such cyber-ransomware groups as BlackByte, Ragnar Locker and Avoslocker, which hacked dozens of critical infrastructure organizations in the United States. And, for example, the FBI said that DoppelPaymer operators threaten and harass their victims.

BlackCat/ALPHV is the first cyber-ransomware group to have made great strides with RUST, which is considered a more secure programming language and provides improved performance and parallel processing reliability.the FBI notice reads.

The BlackCat ransomware executable is very easy to customize. In addition, it supports many encryption methods and options, thanks to which attacks can be easily adapted to any corporate environment.

The researchers believe that BlackCat group may be made up of some former members of the BlackMatter team joined by affiliates from other extortionist gangs.

While ALPHV claims to be former partners of BlackMatter, it’s more likely that they *are* BlackMatter just trying to distance themselves from this brand due to the reputational hit they received after a bug [we discovered] that cost their partners of several million dollars.Emsisoft analyst Brett Callow said on the Bleeping Computer request.
Brett Callow

Brett Callow

The FBI encourages system administrators who detect BlackCat activity on their company’s networks to forward the relevant information to the FBI cyber unit.

Let me also remind you that we talked about the fact that Ragnar Locker ransomware operators prohibit their victims from contacting the police and the FBI.

Useful information that would track the group’s activity includes “IP registries showing callbacks of foreign IP addresses, Bitcoin and Monero addresses and transaction IDs, communications with attackers, a decryptor file, and/or an unencrypted version of an encrypted file.”

The FBI does not recommend paying the BlackCat a ransom because there is no guarantee that it will protect the victim from further cyberattacks or the publication of stolen data.

However, the bureau is aware that the damage from cyber-ransomware attacks can be quite significant, and this may push companies to pay a ransom.

Sending
User Review
4 (1 vote)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending