Between November 2021 and March 2022, the BlackCat ransomware group (aka ALPHV) compromised the networks of at least 60 organizations around the world.
This was announced in a joint notice issued by the FBI cyber unit and the Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday, April 20. According to Forbes, the notice is part of a series of similar reports on the tactics, techniques and procedures, as well as the indicators of compromise (IOCs), of ransomware identified by the FBI during investigations.
Since the beginning of the year, the FBI has issued notices regarding ransomware groups such as BlackByte, Ragnar Locker and AvosLocker, which hacked dozens of critical infrastructure organizations in the United States. The FBI has also said, for example, that DoppelPaymer operators threaten and harass their victims.
The BlackCat ransomware executable is very easy to customize. In addition, it supports many encryption methods and options, thanks to which attacks can be easily adapted to any corporate environment.
Researchers believe that the BlackCat group may be made up of some former members of the BlackMatter team, joined by affiliates from other extortionist gangs.
The FBI encourages system administrators who detect BlackCat activity on their company’s networks to forward the relevant information to the FBI cyber unit.
As a reminder, we previously reported that Ragnar Locker ransomware operators prohibit their victims from contacting the police and the FBI.
Useful information for tracking the group’s activity includes “IP registries showing callbacks of foreign IP addresses, Bitcoin and Monero addresses and transaction IDs, communications with attackers, a decryptor file, and/or an unencrypted version of an encrypted file.”
The FBI does not recommend paying BlackCat a ransom because there is no guarantee that it will protect the victim from further cyberattacks or the publication of stolen data.
However, the bureau is aware that the damage from ransomware attacks can be quite significant, and this may push companies to pay a ransom.