What is the BlackCat ransomware attack, and why is it unique?

Ransomware has undoubtedly grown in popularity as a way for hackers to get financial advantages. In short, they will breach a security system searching for sensitive data and either steal it or block it. Then, the victim will be asked to pay a high price - the ransom - to get access to the data or system again, or to not have it exposed.

There are several ways they use to try and gain access. But, at the same time, there are many tools and techniques that security officials have to employ to keep the criminals at bay. 

Of course, one of the main ones is having good cryptography in place - an encrypted set of files is unreadable. Therefore, it is useless to criminals.

In addition, it is fundamental for companies to keep their working systems backed up. Both these tactics remove the gain for cybercriminals: there is no use in leaking encrypted data, and if they block your access to your server, you just go to the backup.

Still, cybersec professionals always need to be on the lookout as the criminal industry of ransomware attacks is constantly renovating and always innovating.

The BlackCat, or ALPHV, attack

The BlackCat attack is one of those innovations and the cybercriminal gang with the same name has significantly increased its presence in very little time. It first appeared by the end of 2021, but just one month after it surfaced, it already had a high number of victims - all of which were listed on their leak site.

They operate as a RaaS (Ransomware-as-a-Service) provider, making their work even more unpredictable and widespread. The gang, ever searching for new "employees", has even been seen soliciting on the dark web and cybercrime forums.

Read Also: Cybercrime has become an industry: don't be just another victim

Their business model operates with large quantities: they will offer "workers" up to 90 per cent share of the ransom payment they would get and pay the remaining percentage to the group itself. With numerous daily attacks, the amount they can achieve can get extremely high. 

BlackCat is known to have targeted mainly organisations in the United States, but there are also victims in Europe, Asia, and many other locations. 

They seem to have no specific sector in mind, and the list of victims includes companies in construction, retail, commercial services, telecommunication, health, and pharmaceuticals. 
 

The programming innovation

Perhaps most notably, the BlackCat group is one of the first that has coded using the Rust programming language. This programming language has been used in malware before, but not in ransom attacks.

Rust is extremely efficient and secure and a language that allows a high level of customisation, but if used for bad purposes, criminals can change their behaviour and customise their attacks quicker - and also breach into many different operating system architectures.
 

Read Also: Get to know more advanced tools for data security in companies

Still, it is not all-mighty. Companies can and should protect themselves. As we've said, there are many techniques and tools for cybersecurity that add several layers of defence against all sorts of cybercrime, including those coming from BlackCat.

Encryption is one of the most crucial tools, even if not the only one - they all work well in tandem. Get in touch with our team to know more about Vaultree's encryption solutions and count on us to keep your data safe.