FBI Warns of BlackCat Ransomware That Breached Over 60 Organisations Worldwide

2022-04-27 20:20

Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language that's known to be memory safe and offer improved performance.

"Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations," the FBI said in an advisory published last week.

The disclosure comes weeks after twin reports from Cisco Talos and Kasperksy uncovered links between BlackCat and BlackMatter ransomware families, including the use of a modified version of a data exfiltration tool dubbed Fendr that's been previously only observed in BlackMatter-related activity.

In a BlackCat ransomware incident analyzed by Forescout's Vedere Labs, an internet-exposed SonicWall firewall was penetrated to gain initial access to the network, before moving to and encrypting a VMware ESXi virtual farm.

The ransomware deployment is said to have taken place on March 17, 2022.

The law enforcement agency, besides recommending victims to promptly report ransomware incidents, also said it doesn't encourage paying ransoms as there is no guarantee that this will enable the recovery of encrypted files.

News URL

https://thehackernews.com/2022/04/fbi-warns-of-blackcat-ransomware-that.html

#FBI #ransomware