BlackCat, the latest ransomware threat to surface on underground forums, has quickly established itself in the Ransomware-as-a-Service (RaaS) cybercriminal marketplace by giving “affiliates” 80% to 90% of ransoms and by publicly naming victims on a name-and-shame site.
According to a recent examination of the malware by researchers at Palo Alto Networks, the BlackCat group has allegedly compromised more than a dozen victims, named those victims on its blog, and broken into the top 10 threats by victim count in less than a month. The ransomware appears to be well-designed and is built in Rust, an efficient programming language that has grown in popularity in recent years.
According to Doel Santos, a Threat Intelligence Analyst with Palo Alto Networks’ Unit 42 team, the ransomware makes extensive use of configuration files that allow the operator to tailor the attack to specific victims: to determine which processes to shut down, and even to supply a customized list of credentials for moving laterally within a company.
He says that the BlackCat ransomware exposes several options that the operator can set when running the malware. “All of these configurations may be tailored to the threat actor’s preferences, making it highly configurable.”
Palo Alto Networks experts revealed in their examination that BlackCat, also known as ALPHV, employs all of these approaches.