FBI Warning as BlackCat Ransomware Breaches at Least 60 Organizations

U.S. organizations appear to be among chief targets in latest large-scale ransomware attacks.
Isobel O'Sullivan

Ransomware-as-a-service (RaaS) group BlackCat has already compromised 60 entities worldwide, according to a FLASH warning issued by the Federal Bureau of Investigation (FBI) this week.

The report confirms that the recently established BlackCat group are typically requesting ransom payments of several million dollars, and are carrying out their attacks using Rust, a highly advanced coding language.

The FLASH warning – which is one of a series of reports the FBI is making about the rise of ransomware cases – highlights the need for business vigilance in the face of increasingly sophisticated cyberattacks.

FBI Issues a ‘FLASH Alert’ About BlackCat Ransomware

BlackCat, also known as ALPHV, is a ransomware family that has previously been linked to the defunct RaaS groups BlackMatter, DarkSide, and REvil.

In a FLASH warning released by the FBI this week, the bureau warned that as of March 2022 the criminal gang have successfully breached at least 60 global servers.

While the cost of each ransom request varies, the report revealed that the threat actors are typically demanding payments of up to several million dollars in Monero or Bitcoin. They are, however, accepting payments below the initial amount if organizations refuse or are unable to pay the sum in full.

According to a recent threat assessment by the cyber security company Palo Alto Networks, BlackCat's victims are not limited to one country, with successful attacks carried out against organizations from the Philippines to Europe.

However, the RaaS group appears to be giving particular focus to U.S. organizations, with most successful attacks being carried out on home soil.

BlackCat: A Uniquely Sophisticated Threat

While these ransomware attacks may sound alarming, security breaches are nothing new. In fact, research from Atlas VPN reveals that almost six billion online accounts are targeted in data breaches each year.

However, while cyberattacks are indeed becoming the new normal, BlackCat and its steadily widening reach should spark concern among U.S. businesses for a number of reasons.

Firstly, just like its predecessors, BlackMatter and DarkSide, BlackCat's ransomware software, of the same name, is written in Rust. Rust is a programming language that can run on embedded devices and can integrate with other languages.

According to the FBI's FLASH warning, this coding language is capable of inflicting greater damage because it's harder to detect and it offers ‘improved performance and reliable concurrent processing’.

“BlackCat/ALPHV steals victim data prior to the execution of the ransomware, including from cloud providers where company or client data was stored.” – FBI's FLASH report

And other cybersecurity experts agree, with Carolyn Crandall, chief security advocate at Attivo Networks, attesting that BlackCat's new code is particularly effective at circumventing endpoint defense systems.

The FBI also revealed that BlackCat is able to leverage Windows and Microsoft's tools to deploy the ransomware. From here, the group is able to disable security features within the victim's network, and edit, delete or seize their compromised data.

Ransomware Attacks are Rising Across the Board

Unfortunately, BlackCat's ransomware attacks aren't happening in isolation.

According to security firm Sophos, 37% of businesses were hit by ransomware attacks in 2021, with bigger organizations appearing to be at a greater risk.

And the rate of breaches doesn't seem to be slowing down, with the FBI revealing that ransomware groups are upping the ante by targeting public services including utilities, emergency services, and education.

What's more, earlier this week, the FBI also announced that U.S. agriculture is the latest sector to be targeted by the malware.

What Advice does the FBI Have for American Businesses?

For organizations impacted by BlackCat, getting struck is more than just a case of bad luck. Fortunately, for U.S. organizations looking to evade breaches, the FBI has issued a set of preventative safety measures to follow.

Here are just a few tips to adhere to if you want to protect your business from BlackCat and similar ransomware groups.

  • Use multi-factor authentication where possible
  • Install and frequently update anti-malware and antivirus software across business networks
  • Avoid using unsecured networks and use virtual private networks (VPN)
  • Regularly change passwords to network systems and use different passwords across accounts
  • Review domain controllers for unorganized user accounts
  • If compromised, avoid paying ransoms – payment will not guarantee files will be recovered


Isobel is a writer at Tech.co with a wealth of experience covering business and technology news. Since specializing in Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also spent time working as a freelance tech researcher. As a writer, Isobel takes a particular interest in issues regarding data security, social media, and emerging business technology.
