Ransomware-as-a-service (RaaS) group BlackCat has already compromised 60 entities worldwide, according to a FLASH warning issued by the Federal Bureau of Investigation (FBI) this week.
The report confirms that the recently established BlackCat group is typically requesting ransom payments of several million dollars, and is carrying out its attacks using Rust, a highly advanced coding language.
The FLASH warning – which is one of a series of reports the FBI is making about the rise of ransomware cases – highlights the need for business vigilance in the face of increasingly sophisticated cyberattacks.
FBI Issues a ‘FLASH Alert’ About BlackCat Ransomware
BlackCat, also known as ALPHV, is a ransomware family that has previously been linked to the defunct RaaS groups BlackMatter, DarkSide, and REvil.
In a FLASH warning released by the FBI this week, the bureau warned that as of March 2022 the criminal gang has successfully breached at least 60 global servers.
While the cost of each ransom request varies, the report revealed that the threat actors are typically demanding payments of up to several million dollars in Monero or Bitcoin. They are, however, accepting payments below the initial amount if organizations refuse or are unable to pay the sum in full.
According to a recent threat assessment by the cyber security company Palo Alto Networks, BlackCat's victims are not limited to one country, with successful attacks being carried out against organizations from the Philippines to Europe.
However, the RaaS group appears to be focusing particularly on U.S. organizations, with most successful attacks being carried out on home soil.
BlackCat: A Uniquely Sophisticated Threat
While these ransomware attacks may sound alarming, security breaches are nothing new. In fact, research from Atlas VPN reveals that almost six billion online accounts are targeted in data breaches each year.
However, while cyberattacks are indeed becoming the new normal, BlackCat and its steadily widening reach should spark concern among U.S. businesses for a number of reasons.
Firstly, just like its predecessors BlackMatter and DarkSide, BlackCat's ransomware, which shares the group's name, is written in Rust. Rust is a coding language that can be run on embedded devices and can integrate with other languages.
According to the FBI's FLASH warning, this coding language is capable of inflicting greater damage because it's harder to detect and it offers ‘improved performance and reliable concurrent processing’.
“BlackCat/ALPHV steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored.” – FBI's FLASH report
And other cybersecurity experts agree, with Carolyn Crandall, chief security advocate at Attivo Networks, attesting that BlackCat's new code is particularly effective at circumventing endpoint defense systems.
The FBI also revealed that BlackCat is able to leverage Windows and Microsoft's tools to deploy the ransomware. From here, the group is able to disable security features within the victim's network, and edit, delete or seize their compromised data.
Ransomware Attacks are Rising Across the Board
Unfortunately, BlackCat's ransomware attacks aren't happening in isolation.
According to security firm Sophos, 37% of businesses were hit by ransomware attacks in 2021, with bigger organizations appearing to be at a greater risk.
And the rate of breaches doesn't seem to be slowing down, with the FBI revealing that ransomware groups are upping the ante by targeting public services including utilities, emergency services, and education.
What's more, earlier this week, the FBI also announced that U.S. agriculture is the latest sector to be targeted by the malware.
What Advice does the FBI Have for American Businesses?
For organizations impacted by BlackCat, getting struck is more than just a case of bad luck. Fortunately, for U.S. organizations looking to evade breaches, the FBI has issued a set of preventative safety measures to follow.
Here are just a few tips to adhere to if you want to protect your business from BlackCat and similar ransomware groups.
- Use multi-factor authentication where possible
- Install and frequently update anti-malware and antivirus software across business networks
- Avoid using unsecured networks and use virtual private networks (VPNs)
- Regularly change passwords to network systems and use different passwords across accounts
- Review domain controllers for unrecognized user accounts
- If compromised, avoid paying ransoms – payment will not guarantee files will be recovered