BlackCat Ransomware: Here’s What to Know
POSTED ON June 24, 2022
Ransomware remains a massive cybersecurity challenge for organizations everywhere, with costs expected to rise from $20 billion in 2021 to $265 billion by 2031, according to estimates by Cybersecurity Ventures. This is a significant increase that’s affecting nearly every organization worldwide, from the smallest SMB to the largest global enterprise.
Part of what makes defending against ransomware, a type of malware that encrypts files or systems and asks for a ransom to release them, so difficult is that there are constantly new forms of attack emerging. One example of this is BlackCat ransomware, which recently promoted a flash report from the FBI as it continued to compromise organizations around the world.
BlackCat/ALPHV ransomware is a type of ransomware as a service, where ransomware operators lease out malicious software through a subscription model over the dark web. The attack uses compromised user credentials to gain access to systems, then escalates and moves on to Active Director user and administrator accounts. From there, it uses Microsoft features to roll ransomware out throughout the entire organization, including Windows scripting. It demands a hefty ransom — often to the tune of several million dollars in Bitcoin.
What further sets BlackCat apart from other types of ransomware as a service is that it’s the first to compromise organizations that leverage extra security precautions — namely, a secure programming language called RUST. Additionally, the malware is effective across both Windows and Linux environments, which may be concerning for some SMBs that leverage that language.
According to the FBI, BlackCat Ransomware has compromised many organizations around the world. According to a report in March, at least 60 organizations of varying types have been compromised by the BlackCat ransomware. One victim includes a large company in the oil, gas, and mining industries, but other victims have not been disclosed. However, the true number of victims is difficult to trace as reporting is mainly voluntary from organizations.
There are several things that SMBs can do to mitigate the risk from BlackCat ransomware, according to the FBI’s report. First, security leaders at SMBs should ensure they’re looking for indicators of compromise within their own organization. This includes regularly reviewing their domain controllers, servers, active directories, and similar items for unrecognized user accounts.
Second, SMBs should ensure that they leverage security best practices to protect their organization. This includes best practices for data protection, including regularly backing up, air gapping, and password protecting their data, especially essential or critical data. They should also ensure that they leverage appropriate tools for ransomware mitigation across their organization, such as antivirus and multi-factor authentication.
BlackCat is one example of the vast and varied ransomware landscape continuing to evolve and become more concerning for SMBs and other organizations. This was true in 2021 and will likely continue to escalate in 2022 and beyond. With that in mind, SMBs need to make sure that they remain vigilant about ensuring they are following cybersecurity best practices and constantly educating themselves on the latest forms of malware that may target their organization, such as BlackCat. Only then can they stand a chance at defending their organizations and their customers against attack.