BlackCat (ALPHV), a new ransomware gang on the rise, has been linked to the previously defunct groups BlackMatter and REvil. According to a recent investigation, the groups share the sophisticated BlackCat malware and its unusual choice of programming language.
Cybercriminals are suspected of using some of the most powerful ransomware in circulation in a number of attacks against industrial enterprises and colleges in the United States.
According to a recent analysis by VPN provider Kaspersky, BlackCat’s tools and techniques are quite similar to those employed by BlackMatter, the cyber group behind the 2021 Colonial Pipeline attack. This finding shows how difficult it is to eradicate this continuously evolving malware.
Who is BlackCat, and why do you not want them to cross your road?
The BlackCat ransomware-as-a-service (RaaS) gang has been operating since December 2021. Since its beginnings it has been stealing sensitive data, extorting money, and threatening disruptive distributed denial-of-service (DDoS) attacks against a number of companies worldwide.
Far from being a typical cyber gang, BlackCat has gained international notice due to the sophisticated ransomware of the same name.
Unlike most other ransomware, BlackCat is written in Rust, a language that supports cross-compilation. Malware written in it can run on both Windows and Linux machines. Rust also makes it easier for the operators to locate the files they have encrypted, while making the malware harder for security researchers to detect and analyse.
But what does it mean to be singled out by this group? Users targeted by BlackCat may have their files encrypted and be asked to pay to decrypt them. In addition, the malicious programme can rename encrypted files to suit the attackers’ precise needs.
The ransomware groups may then add more pressure by threatening to expose the compromised data publicly if individuals refuse to consent to the settlement fees, which typically reach six figures.
Shared Activity Links BlackMatter to BlackCat
While BlackCat’s tactics may appear unusual, this isn’t the first time they’ve been used against victims.
Known ransomware groups like BlackMatter, REvil, and DarkSide, a string of affiliate RaaS groups responsible for thousands of high-profile attacks around the world, have used similar strategies.
“It was only a matter of time after the REvil and BlackMatter ransomware groups shut down their activities before another ransomware group took over their niche,” said Dmitry Galov, a security researcher at Kaspersky.
This isn’t just a coincidence, either. BlackCat is only the latest edition of these groups, according to Kaspersky’s research “A bad luck BlackCat,” released last Thursday. The gang uses tools and techniques nearly identical to those of its predecessors.
The analysis found that the new RaaS group was employing Fendr, a bespoke exfiltration tool, and Mimikatz, a batch file previously used by BlackMatter and REvil.
Tripwire’s analysis also reveals that the RaaS group’s similarities may extend to its members, with the software firm discovering that a number of criminals previously associated with these groups are now working with BlackCat.
How to Prevent Bad Luck in Your Business
BlackCat ransomware and related threats have wreaked havoc on organisations. Companies should adopt the cybersecurity practices listed below to avoid being targeted by these attacks, or to reduce their impact if they are.
- Make regular backups of your data and store them on separate platforms, such as remote servers and disconnected (offline) devices.
- To reduce incidents caused by careless mistakes, educate your employees on good cybersecurity practices.
- Change passwords frequently and make sure they contain both numbers and special characters. A password manager makes this easier.
- Install antivirus software across your network and make sure it’s kept up to date.
- Use open-source software to encrypt crucial files, such as those containing sensitive or personally identifiable information (PII).
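The first recommendation above (regular backups kept on separate storage) only helps if the backup is intact and was not itself taken after the ransomware had already encrypted the data. The following script is an added example, not code from the article or from Kaspersky or Tripwire: it copies a directory to a backup location, records a SHA-256 manifest so the backup can later be verified, and uses a byte-entropy heuristic to skip source files that already look like ransomware output rather than overwriting a good backup with them. The file names, the entropy threshold and the sample sizes are assumptions.

```python
"""Backup with an integrity manifest and a 'looks encrypted' guard.

Added example (not from the article or the vendors it cites). Copies a
directory to a backup location, writes manifest.json with the SHA-256 of
every copied file, and skips source files whose bytes look like ransomware
output (near-random). Thresholds and names below are assumptions.
"""
import hashlib
import json
import math
import shutil
from collections import Counter
from pathlib import Path

MANIFEST = "manifest.json"
ENTROPY_THRESHOLD = 7.5      # bits per byte; assumption, tune per environment
MIN_SIZE_FOR_ENTROPY = 256   # tiny files give meaningless entropy figures
SAMPLE_BYTES = 65536         # only the first 64 KiB is inspected


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, max 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic: encrypted output is near-random, documents and text are not.
    Compressed archives and media also score high, so treat hits as a review
    list, not proof of compromise."""
    with path.open("rb") as f:
        sample = f.read(SAMPLE_BYTES)
    if len(sample) < MIN_SIZE_FOR_ENTROPY:
        return False
    return shannon_entropy(sample) >= ENTROPY_THRESHOLD


def backup(src, dest) -> dict:
    """Copy src into dest, write the manifest, and report what was copied
    and what was skipped because it looked encrypted (relative POSIX paths)."""
    src, dest = Path(src), Path(dest)
    copied, skipped, manifest = [], [], {}
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(src).as_posix()
        if looks_encrypted(p):
            skipped.append(rel)
            continue
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)
        manifest[rel] = sha256_file(target)
        copied.append(rel)
    dest.mkdir(parents=True, exist_ok=True)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return {"copied": copied, "skipped": skipped}


def verify(dest) -> list:
    """Return the relative paths whose hash no longer matches the manifest or
    which are missing. An empty list means the backup is intact."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_file(dest / rel) != digest]


if __name__ == "__main__":
    # Constructed demo data: one plain-text file and one random blob that
    # stands in for a file a ransomware sample has already encrypted.
    import os
    import tempfile
    root = Path(tempfile.mkdtemp())
    (root / "src" / "docs").mkdir(parents=True)
    (root / "src" / "docs" / "notes.txt").write_text("quarterly draft\n" * 50)
    (root / "src" / "locked.bin").write_bytes(os.urandom(4096))
    print(backup(root / "src", root / "backup"))
    print("mismatches:", verify(root / "backup"))
```

Run the verification step on a schedule from a host that only has read access to the backup store; a growing mismatch list, or a backup run that suddenly skips most of the source tree, is an early signal that the production data is being encrypted, which is exactly the point at which the offline copy matters.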