The U.S. Federal Bureau of Investigation (FBI) is sounding the alarm about the BlackCat ransomware-as-a-service (RaaS) operation, which it says has victimized at least 60 organizations worldwide as of March 2022 since first surfacing last November.
The ransomware, also known as ALPHV and Noberus, is notable as one of the first ransomware families written in the Rust programming language, which offers memory safety and strong performance.
"Many BlackCat/ALPHV developers and money launderers are affiliated with DarkSide/BlackMatter, suggesting they have extensive networks and experience with ransomware operations," the FBI said in an advisory released last week.
The disclosure comes weeks after twin reports from Cisco Talos and Kaspersky revealed links between the BlackCat and BlackMatter ransomware families, including the use of a modified version of a data exfiltration tool called Fendr that had previously only been observed in BlackMatter-related activity.
"Aside from the evolving advantages Rust offers, attackers also benefit from a lower detection rate from static analysis tools, which are often not adapted to all programming languages," AT&T Alien Labs said earlier this year.
Like other RaaS operations, BlackCat steals victim data before executing the ransomware, and the malware often relies on compromised user credentials to gain initial access to the target environment.
In a BlackCat ransomware incident analyzed by Forescout's Vedere Labs, an internet-facing SonicWall firewall was compromised to gain initial access to the network, after which the attackers moved to a VMware ESXi virtual farm and encrypted it. The ransomware deployment is said to have taken place on March 17, 2022.
Besides advising victims to report ransomware incidents immediately, the law enforcement agency said it does not encourage paying the ransom, as there is no guarantee that encrypted files will be recovered. It acknowledged, however, that victims may feel compelled to comply with such demands to protect shareholders, employees, and customers.
As mitigations, the FBI urges organizations to review domain controllers, servers, workstations, and Active Directory for new or unrecognized user accounts, maintain offline backups, implement network segmentation, apply software updates, and protect accounts with multi-factor authentication.
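The account-review step above is the one an incident responder actually has to turn into a query. The following PowerShell script is an added example, not part of the FBI advisory or any vendor report: it lists Active Directory user accounts created inside a review window and flags any of them that already sit in privileged groups, which is the pattern a ransomware affiliate leaves behind when it creates its own persistence account. It assumes a domain-joined host with the RSAT ActiveDirectory module installed and an account with read access to the directory; the 30-day window and the group list are assumptions to be tuned to the suspected intrusion timeline and the organization's own privileged groups.

```powershell
# Added example (not from the FBI advisory): review AD for new or unrecognized
# user accounts and flag newly created accounts that hold privileged membership.
# Assumes the RSAT ActiveDirectory module and directory read rights.
Import-Module ActiveDirectory

$Days  = 30                              # assumed review window; widen if the intrusion is older
$Since = (Get-Date).AddDays(-$Days)
# Assumed set of privileged groups; extend with any custom admin groups in your domain.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins')

# 1. Every user account created inside the window. whenCreated is a replicated
#    attribute, so any domain controller returns the same answer.
$NewAccounts = Get-ADUser -Filter { whenCreated -ge $Since } `
    -Properties whenCreated, Enabled, LastLogonDate, Description |
    Select-Object SamAccountName, whenCreated, Enabled, LastLogonDate, Description

# 2. Current membership of the privileged groups, resolved recursively so that
#    nested group tricks do not hide an account.
$PrivilegedMembers = foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { [pscustomobject]@{ Group = $g; SamAccountName = $_.SamAccountName } }
}

# 3. Intersection: accounts that are both newly created and already privileged.
#    These are the first ones to verify with whoever owns account provisioning.
$Suspicious = foreach ($acct in $NewAccounts) {
    $hits = $PrivilegedMembers | Where-Object { $_.SamAccountName -eq $acct.SamAccountName }
    foreach ($h in $hits) {
        [pscustomobject]@{
            SamAccountName = $acct.SamAccountName
            Group          = $h.Group
            whenCreated    = $acct.whenCreated
            Enabled        = $acct.Enabled
        }
    }
}

"User accounts created since $($Since.ToString('u')): $(@($NewAccounts).Count)"
$NewAccounts | Sort-Object whenCreated | Format-Table -AutoSize

"Newly created accounts already in privileged groups: $(@($Suspicious).Count)"
$Suspicious | Format-Table -AutoSize

# 4. Preserve the evidence for the incident record and for the report to law enforcement.
$Stamp = Get-Date -Format 'yyyyMMdd-HHmm'
$NewAccounts | Export-Csv -NoTypeInformation -Path ".\new-ad-accounts-$Stamp.csv"
$Suspicious  | Export-Csv -NoTypeInformation -Path ".\new-privileged-accounts-$Stamp.csv"
```

Run it from a clean administrative host rather than from a suspected-compromised domain controller, and treat the output as a starting list to reconcile against change tickets, not as proof of compromise on its own. Local accounts on servers and workstations are outside the directory and need a separate pass with `Get-LocalUser` on each host, which the same review window and export pattern cover.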