
BlackCat Ransomware Hit More Than 60 Organizations Worldwide, FBI Says

Vlad CONSTANTINESCU

April 21, 2022


In a TLP:WHITE FLASH alert released yesterday in coordination with CISA, the FBI says the notorious BlackCat ransomware gang breached the networks of more than 60 organizations worldwide between November 2021 and March 2022.

The document is part of a series of FLASH reports that zero in on the indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs) of ransomware strains the FBI has identified during previous investigations.

BlackCat, also known as ALPHV, is a cybercrime group that runs a Ransomware-as-a-Service (RaaS) operation. According to the FLASH alert, the group had compromised at least 60 entities worldwide as of March 2022 and “is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing.”

The ransomware relies on previously compromised user credentials for initial access to the victim environment. Once inside, BlackCat uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) that deploy the ransomware across the domain. Pushing tasks through GPOs presumes control of an account that can edit policy, so both the GPO scheduled-task settings and the tasks that land on endpoints are worth checking during an investigation.

Initial deployment of the malware uses PowerShell scripts in conjunction with Cobalt Strike and disables security features within the victim network. During the attack, BlackCat/ALPHV also leverages Microsoft Sysinternals and Windows administrative tools, steals victim data, and uses Windows scripting to deploy the ransomware and compromise additional hosts.

The FBI urges victims to cooperate with authorities and advises them not to pay the ransom. It also encourages victims to share any information that might help identify the perpetrators, including IP logs, Bitcoin or Monero transaction IDs and wallet addresses, the decryptor file, any communication with the threat actors, or a “benign sample of an encrypted file.”

The FBI also included a list of recommended mitigation measures to help network administrators steer clear of BlackCat ransomware attacks, such as:

  • Implementing network segmentation
  • Backing up data regularly
  • Performing cold backups (offline, or at least not in the location where the original data resides)
  • Checking Windows Task Scheduler regularly for unrecognized scheduled tasks
  • Reviewing antivirus logs
  • Keeping antivirus and antimalware software up to date on all hosts
  • Using Multi-Factor Authentication (MFA)
  • Prioritizing system updates and patches
  • Disabling unused remote access ports and monitoring remote access logs
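Two of the alert's points lend themselves to a concrete hunt: the GPO-delivered scheduled tasks in the attack chain, and the advice to check Task Scheduler for unrecognized tasks. The PowerShell below is an added example, not code from the FBI FLASH or from Bitdefender. It assumes an elevated session on a domain-joined Windows host with the ScheduledTasks module available (Windows 8 / Server 2012 and later) and SYSVOL reachable at the default \\<domain>\SYSVOL\<domain>\Policies path; the list of script hosts it flags is a triage heuristic, not an indicator list from the alert. It lists local tasks outside the \Microsoft\ tree with the signature status of the binary they run, and then parses the ScheduledTasks.xml preference files in every GPO so that tasks pushed through Group Policy can be reviewed in one place.

```powershell
# Added example (not from the FBI FLASH or the article). Hunts for scheduled
# tasks that are not Windows built-ins, locally and in Group Policy Preferences.
# Assumptions: elevated PowerShell on a domain-joined host; ScheduledTasks module
# present; SYSVOL reachable at \\<domain>\SYSVOL\<domain>\Policies.

# Interpreters and admin tools often used to launch ransomware from a task.
# Triage heuristic assumed for this example, not an indicator list from the alert.
$ScriptHosts = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe',
               'mshta.exe', 'rundll32.exe', 'regsvr32.exe', 'psexec.exe', 'psexesvc.exe'

function Get-NonMicrosoftScheduledTask {
    # Built-in tasks live under \Microsoft\; everything else gets a closer look.
    Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
        $task = $_
        $info = $task | Get-ScheduledTaskInfo
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # ComHandler actions carry no command line
            $exe  = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
            # Bare names such as powershell.exe resolve through PATH.
            $path = if (Test-Path -LiteralPath $exe) { $exe }
                    else { (Get-Command $exe -ErrorAction SilentlyContinue).Source }
            $sig  = if ($path) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
            [pscustomobject]@{
                TaskPath    = $task.TaskPath
                TaskName    = $task.TaskName
                Author      = $task.Author
                State       = $task.State
                Execute     = $exe
                Arguments   = $action.Arguments
                Signature   = if ($sig) { $sig.Status } else { 'NotFound' }   # Valid / NotSigned / ...
                Signer      = if ($sig) { $sig.SignerCertificate.Subject } else { $null }
                ScriptHost  = ([IO.Path]::GetFileName($exe) -in $ScriptHosts)
                LastRunTime = $info.LastRunTime
            }
        }
    }
}

function Get-GpoScheduledTask {
    # Group Policy Preferences store tasks in ScheduledTasks.xml under each GPO's
    # Machine\Preferences\ScheduledTasks (or User\...) folder in SYSVOL.
    $domain     = (Get-CimInstance Win32_ComputerSystem).Domain
    $policies   = "\\$domain\SYSVOL\$domain\Policies"
    $canResolve = [bool](Get-Command Get-GPO -ErrorAction SilentlyContinue)   # RSAT GroupPolicy module
    Get-ChildItem -Path $policies -Recurse -Filter 'ScheduledTasks.xml' -ErrorAction SilentlyContinue |
      ForEach-Object {
        $file = $_
        $guid = [regex]::Match($file.FullName, '\{[0-9A-Fa-f-]+\}').Value
        $gpoName = if ($canResolve) { try { (Get-GPO -Guid $guid -ErrorAction Stop).DisplayName } catch { $null } }
        [xml]$xml = Get-Content -LiteralPath $file.FullName -Raw
        foreach ($node in $xml.ScheduledTasks.ChildNodes) {
            if ($node.NodeType -ne 'Element') { continue }
            $props = $node.Properties
            if (-not $props) { continue }
            $exec = $props.Task.Actions.Exec      # TaskV2 / ImmediateTaskV2 schema; absent for legacy Task
            [pscustomobject]@{
                GPO       = if ($gpoName) { $gpoName } else { $guid }
                Scope     = if ($file.FullName -match '\\Machine\\') { 'Machine' } else { 'User' }
                Type      = $node.LocalName       # ImmediateTaskV2 fires on the next policy refresh
                Name      = $node.GetAttribute('name')
                Changed   = $node.GetAttribute('changed')
                RunAs     = $props.GetAttribute('runAs')
                Command   = if ($exec) { $exec.Command -join ' ; ' } else { $props.GetAttribute('appName') }
                Arguments = if ($exec) { $exec.Arguments -join ' ; ' } else { $props.GetAttribute('args') }
                Source    = $file.FullName
            }
        }
    }
}

# Run both hunts. Start triage with unsigned or missing binaries, script hosts,
# and GPO tasks whose 'changed' timestamp falls inside the incident window.
Get-NonMicrosoftScheduledTask | Sort-Object Signature, ScriptHost -Descending | Format-Table -AutoSize
Get-GpoScheduledTask          | Sort-Object Changed -Descending              | Format-Table -AutoSize
```

Run the first function on a known-good host first to learn what legitimately lives outside \Microsoft\ (vendor updaters, backup agents), then diff against suspect hosts. For the GPO pass, immediate tasks and tasks whose "changed" date is recent but whose GPO is old are the ones to pull first; the Source column gives the SYSVOL file to preserve as evidence before anyone edits the policy.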
