BlackCat ransomware, which operates under a Ransomware-as-a-Service model, emerged in November 2021. According to the Federal Bureau of Investigation, BlackCat victimized over 60 organizations worldwide between its first appearance in November 2021 and March 2022.
The first Rust malware
The operators of BlackCat utilize various techniques for initial access
BlackCat ransomware, also called ALPHV or Noberus, is the first malware written in the Rust programming language. Rust lowers the detection rate of static analysis tools, since these tools are usually not developed to cover every programming language. Reports also state that BlackCat is linked with BlackMatter ransomware. The operators of BlackCat use stolen or compromised user credentials from different sources to gain initial access, then steal data from the target before the encryption process.
The FBI asks victims to report incidents immediately and not to pay ransoms, since there is no guarantee that the attackers will keep their promises and decrypt the files. It also urges organizations to review domain controllers, servers, workstations, and active directories for new unknown accounts. The FBI also advises taking offline backups, applying software updates, using multi-factor authentication, and implementing network segmentation.