Researchers at Recorded Future and MalwareHunterTeam have discovered a new, highly sophisticated ransomware family named ALPHV (aka BlackCat), written in the Rust programming language.

What has happened?

ALPHV is one of the first professional ransomware operations to use Rust. It targets Windows, Linux, and VMware ESXi systems.
  • Researchers report that the author of BlackCat was previously involved with the REvil ransomware operation.
  • ALPHV is being offered as ransomware-as-a-service (RaaS) on two cybercrime forums, Exploit and XSS.
  • The group uses a double extortion model: data is stolen before systems are encrypted, and the stolen data is used as additional leverage.
  • It is recruiting affiliates and offering them an 80%–90% share of each ransom, with the percentage depending on the value of the ransom.

The targets

So far, the ransomware operation has targeted a handful of victims in the U.S., India, and Australia. Ransom demands range from a few hundred thousand dollars up to $3 million, payable in Bitcoin or Monero.

Additional insights

At present, the ALPHV group operates more than one leak site, with each site hosting data from only one or two victims.
  • These leak sites are believed to be run by different ALPHV affiliates, which would explain why several different leak URLs are in use.
  • The preferred initial access vector is not yet known. Once inside, the attackers focus on stealing sensitive files and then encrypting systems.

Conclusion

BlackCat is one of the first ransomware families written in Rust and is a potent threat. Given its double extortion model, experts believe BlackCat could become a worthy successor to DarkSide and REvil. Although the group is still in its early stages, the advanced nature of the malware means organizations need to be aware of the threat and put proper defenses in place.

Cyware Publisher