FBI Is Looking For BlackCat

Uploaded on 2022-04-29 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

US law enforcement agencies have been busy targeting malicious cyber actors around the world and the Federal Bureau of Investigation (FBI) has sent out a Flash alert asking for information about the threat actor BlackCat also known as Alphv, which has breached at least 60 organisations. 

The flash alert is part of a series of similar reports highlighting the tactics, techniques, and procedures (TTPs) used by and indicators of compromise (IOCs) linked to ransomware variants identified during FBI investigations.

BlackCat has been previously linked to other ransomware groups that have stopped working. The information the FBI wants includes IP addresses, Bitcoin or Monero addresses and transaction IDs, communications, decryptor files, and a sample of an encrypted file.  

Black Cat was apparently used in a German January 2022 campaign that was conducted against two international oil companies. In the advisory, the FBI also warns that the group has compromised roughly 60 entities worldwide.
The ransomware gains access to the victim's system by putting previously compromised user credentials to work. The malware then compromises Active Directory user and administrator accounts, leveraging Windows administrative tools and Microsoft Sysinternals tools. 

According to the FBI’s investigation, BlackCat is the first ransomware group that has successfully used the programming language RUST to commission its attacks. 

The cyber crime group then steals data from the victim before deploying ransomware and demanding that companies pay-up to decrypt their files. According to the FBI, the group’s initial ransom requests are often shocking, but the group has been observed accepting a smaller payment than they formerly demanded.
In their Flash alert the FBI has listed suggested mitigations and actions.

The FBI doesn't encourage paying BlackCat ransoms since victims have no guarantee that this will prevent future attacks or leaks of stolen data.However, the federal agency did acknowledge the damage inflicted by ransomware attacks, which may force company executives to pay the ransom and protect shareholders, customers, or employees.

The affiliated threat actors usually request ransom payments of millions of dollars in cryptocurrency, but often end up accepting payments of much less than the initial demand. Many of the threat actors have been linked to the Darkside and Blackmatter groups, indicating extensive experience when it comes to ransomware operations.

Alphv has been tracked to attacks on two major German oil companies, and Florida International University, though the victims of ransomware are typically in the discretion of the affiliate groups that do the hacking rather than a group like Alphv that programs the malware and licenses its use. 

In the Flash alert, the FBI listed recommended mitigations, including using multi-factor authentication and installing updates/patch operating systems, software and firmware as soon as they are released. 

FBI:      Forbes:     Infosecurity Magazine:     Oodaloop:   Secureworld:     Bleeping Computer:   Unified Guru

You Might Also Read: 

Police Shut Down RaidForums Hackers:

« Enhance Security In Your AWS Cloud
Three Vital Concerns For Companies Running Hybrid Cloud Environments »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZyberSafe

ZyberSafe

ZyberSafe is an innovative Danish company specialized within building hardware encryption solutions.

Centre for the Protection of National Infrastructure (CPNI)

Centre for the Protection of National Infrastructure (CPNI)

CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter cyber threats.

GreyCastle Security

GreyCastle Security

GreyCastle Security is a leading cybersecurity services provider dedicated exclusively to cybersecurity and the practical management of cybersecurity risks.

vdiscovery

vdiscovery

vdiscovery is a provider of proprietary and best-in-breed solutions in computer forensics, document review, and electronic discovery.

BELAC

BELAC

BELAC is the national accreditation body for Belgium.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

UK Cyber Security Council (UKCSC)

UK Cyber Security Council (UKCSC)

The role of The UK Cyber Security Council is to champion the cybersecurity profession across the UK, provide representation for the industry, accelerate awareness and promote excellence.

NANDoff Data Recovery

NANDoff Data Recovery

NANDoff is a flat rate data recovery service. We serve the electronics industry around the globe 24/7.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Dope Security

Dope Security

Dope Security is a fly-direct Secure Web Gateway that eliminates the data center stopover architecture required by legacy providers, instead performing security directly on the endpoint.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.

Wired Assurance

Wired Assurance

Wired Assurance is a testing and assurance company, specialized in software applications and blockchain smart contracts.

Deepware

Deepware

Deepware is an emerging AI research company dedicated to exploring the potential of GenAI in both generation and detection.

Internet Initiative Japan (IIJ)

Internet Initiative Japan (IIJ)

IIJ is one of Japan's leading Internet-access and comprehensive network solutions providers.