Security News > 2022 > September > BlackCat ransomware’s data exfiltration tool gets an upgrade
The BlackCat ransomware isn't showing any signs of slowing down, and the latest example of its evolution is a new version of the gang's data exfiltration tool used for double-extortion attacks.
BlackCat is considered a successor to Darkside and BlackMatter and is one of the most sophisticated and technically advanced Ransomware-as-a-service operations.
Security researchers at Symantec report that the developer of BlackCat, the first Rust-based ransomware strain, continually improves and enriches the malware with new features.
Lately, the focus appears to have been on the tool used for exfiltrating data from compromised systems, an essential requirement for conducting double extortion attacks.
Finally, Symantec has noticed that the BlackCat operation has been seen using an older anti-rootkit utility called to terminate antivirus processes.
In June 2022, BlackCat introduced support for encrypting files on ARM architectures and a mode to encrypt in Windows safe mode with or without networking.