FBI: BlackCat ransomware scratched 60-plus orgs

2022-04-25 06:42

The BlackCat ransomware gang, said to be the first-known ransomware group to successfully break into networks with Rust-written malware, has attacked at least 60 organizations globally as of March, according to the FBI. BlackCat, also known as ALPHV, is a relatively new group of cybercriminals that operates a Windows ransomware-as-a-service.

While it only appeared on the ransomware crime scene in November 2021, security researchers and federal law enforcement have linked its developers and money launderers to the notorious Darkside/Blackmatter crime rings, "Indicating they have extensive networks and experience with ransomware operations," the FBI said in a security alert [PDF] this week.

Like C/C++ toolchains, the Rust environment can be used to build programs for embedded devices, and integrate with other programming languages, said Attivo Networks Chief Security Advocate Carolyn Crandall.

The aforementioned FBI alert also includes BlackCat indicators of compromise and warned the ransomware typically leverages previously compromised user credentials to gain access to a victim's system.

In an effort to stay one step ahead of defenders, the TeamTNT cybercrime group has modified its malicious shell scripts after security researchers made the code public.

Industrial control system experts and security vendors have finally been invited to join the US government's Cybersecurity and Infrastructure Security Agency's Joint Cyber Defense Collaborative public-private collab for sharing threat data and security skills.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/25/in_brief_security/

#FBI #ransomware