
BlackCat Ransomware Hit More Than 60 Organizations Worldwide, FBI Says

Vlad CONSTANTINESCU

April 21, 2022


In a TLP:WHITE FLASH alert released yesterday in coordination with CISA, the FBI says the notorious BlackCat ransomware gang breached the networks of more than 60 organizations worldwide between November 2021 and March 2022.

The document is part of a series of reports that zero in on indicators of compromise (IOC) and tactics, techniques and procedures (TTP) linked to ransomware strains identified by the FBI during previous investigations.

BlackCat, also known as ALPHV, is a cybercrime group that runs a Ransomware-as-a-Service (RaaS) operation. The malicious campaign compromised at least 60 entities worldwide and “is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing,” according to the FBI’s FLASH alert.

The ransomware uses previously compromised credentials to gain initial access to the target machine. Once it has a foothold, BlackCat uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs) that deploy the ransomware across the domain.

Early in the intrusion, the malware uses a combination of PowerShell scripts and Cobalt Strike to disable security features on the compromised network. During the attack, BlackCat/ALPHV also leverages Microsoft Sysinternals and native Windows administrative tools, steals victim data, and spreads the ransomware to additional hosts using Windows scripting.

The FBI urges victims to cooperate with authorities and advises them not to pay the ransom. The Bureau also encourages victims to share any information that might help investigators identify the perpetrators, including IP logs, Bitcoin or Monero transaction IDs and addresses, the decryptor file, any communication with the threat actors, or a “benign sample of an encrypted file.”

The FBI also included a list of recommended mitigation measures to help network administrators steer clear of BlackCat ransomware attacks, such as:

  • Implementing network segmentation
  • Backing up data regularly
  • Performing cold backups (offline, or at least not in the location where the original data resides)
  • Checking Windows Task Scheduler regularly for unrecognized scheduled tasks
  • Reviewing antivirus logs
  • Keeping antivirus and antimalware software up to date on all hosts
  • Using Multi-Factor Authentication (MFA)
  • Prioritizing system updates and patches
  • Disabling unused remote access ports and monitoring remote access logs
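The fourth item on that list, reviewing Task Scheduler for tasks you do not recognize, is the one most directly tied to the GPO-and-scheduled-task deployment described above. The PowerShell below is an added example written for this page; it is not code from the FBI alert or from Bitdefender. It enumerates every scheduled task outside the built-in \Microsoft\ folder and reports those whose action runs a scripting host (powershell.exe, cmd.exe, wscript.exe and similar), whose executable lives in a user-writable path, that were registered recently, or that run with highest privileges. The baseline path list, the set of script hosts and the 30-day window are assumptions to tune for your environment; the function name Get-UnrecognizedScheduledTask is hypothetical.

```powershell
# Added example: surface scheduled tasks worth a second look.
# Assumptions: tasks under \Microsoft\ are treated as baseline; the script-host
# list, path regex and 30-day window are starting points, not an authoritative rule.

$BaselineTaskPaths = @('\Microsoft\')
$ScriptHosts = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe',
                 'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe')

function Get-UnrecognizedScheduledTask {
    [CmdletBinding()]
    param(
        [string[]]$BaselinePath = $BaselineTaskPaths,
        [int]$NewWithinDays = 30
    )

    $cutoff = (Get-Date).AddDays(-$NewWithinDays)

    Get-ScheduledTask | Where-Object {
        # Keep only tasks that live outside every baseline folder.
        $task = $_
        -not ($BaselinePath | Where-Object { $task.TaskPath -like "$_*" })
    } | ForEach-Object {
        $task = $_
        $info = $task | Get-ScheduledTaskInfo

        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property; only Exec actions do.
            if (-not $action.Execute) { continue }

            $exe     = [IO.Path]::GetFileName($action.Execute.Trim('"')).ToLower()
            $reasons = @()

            if ($ScriptHosts -contains $exe) {
                $reasons += "action runs a scripting host ($exe)"
            }
            if ($action.Execute -match '(?i)\\(Users|ProgramData|Temp|AppData)\\') {
                $reasons += 'executable in a user-writable location'
            }
            if ($task.Date -and ([datetime]$task.Date) -gt $cutoff) {
                $reasons += "registered within the last $NewWithinDays days"
            }
            if ($task.Principal.RunLevel -eq 'Highest') {
                $reasons += 'runs with highest privileges'
            }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    TaskPath  = $task.TaskPath
                    TaskName  = $task.TaskName
                    Author    = $task.Author
                    RunAs     = $task.Principal.UserId
                    State     = $task.State
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                    LastRun   = $info.LastRunTime
                    Reasons   = ($reasons -join '; ')
                }
            }
        }
    }
}

# Usage: run in an elevated session on each host (or through remoting) and
# compare the output against a known-good inventory taken before the review.
Get-UnrecognizedScheduledTask | Sort-Object TaskPath, TaskName |
    Format-Table TaskPath, TaskName, RunAs, Execute, Reasons -AutoSize -Wrap
```

The check is deliberately a triage aid rather than a verdict: legitimate software also registers tasks that launch PowerShell or run from ProgramData, so the value comes from diffing this output against a baseline captured when the host was known to be clean and investigating anything that appears between runs. Pair it with the next item on the FBI's list, reviewing antivirus logs, since a task that disables or tampers with endpoint protection will usually leave a trace there first.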
