On Tuesday 19th of April 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE flash alert which revealed the BlackCat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide as of March 2022. The FBI also stated the BlackCat ransomware gang has been the first ransomware group to have successfully used the RUST programming language for these breaches. This is seen as a key development for ransomware as the RUST programming language is seen as a more secure programming language that offers improved performance and reliable concurrent processing.
This flash alert was released in coordination with the U.S. Department of Homeland Security (DNS) and Cybersecurity and Infrastructure Security Agency (CISA) to provide key cyber threat information to help security professionals and organisations to detect and counter ransomware attack attempts from the BlackCat ransomware gang. The alert revealed that many of BlackCat’s developers and money launderers have been linked to Darkside/Blackmatter ransomware groups and therefore it is an indication that the BlackCat ransomware gang have extensive networks and experience with ransomware operations.
In the alert, the FBI asked for any information related to the BlackCat ransomware gang and their activities to be shared with them. This information can include “IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file.”
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.