FBI Is Looking For BlackCat

Uploaded on 2022-04-29 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

US law enforcement agencies have been busy targeting malicious cyber actors around the world and the Federal Bureau of Investigation (FBI) has sent out a Flash alert asking for information about the threat actor BlackCat also known as Alphv, which has breached at least 60 organisations. 

The flash alert is part of a series of similar reports highlighting the tactics, techniques, and procedures (TTPs) used by and indicators of compromise (IOCs) linked to ransomware variants identified during FBI investigations.

BlackCat has been previously linked to other ransomware groups that have stopped working. The information the FBI wants includes IP addresses, Bitcoin or Monero addresses and transaction IDs, communications, decryptor files, and a sample of an encrypted file.  

Black Cat was apparently used in a German January 2022 campaign that was conducted against two international oil companies. In the advisory, the FBI also warns that the group has compromised roughly 60 entities worldwide.
The ransomware gains access to the victim's system by putting previously compromised user credentials to work. The malware then compromises Active Directory user and administrator accounts, leveraging Windows administrative tools and Microsoft Sysinternals tools. 

According to the FBI’s investigation, BlackCat is the first ransomware group that has successfully used the programming language RUST to commission its attacks. 

The cyber crime group then steals data from the victim before deploying ransomware and demanding that companies pay-up to decrypt their files. According to the FBI, the group’s initial ransom requests are often shocking, but the group has been observed accepting a smaller payment than they formerly demanded.
In their Flash alert the FBI has listed suggested mitigations and actions.

The FBI doesn't encourage paying BlackCat ransoms since victims have no guarantee that this will prevent future attacks or leaks of stolen data.However, the federal agency did acknowledge the damage inflicted by ransomware attacks, which may force company executives to pay the ransom and protect shareholders, customers, or employees.

The affiliated threat actors usually request ransom payments of millions of dollars in cryptocurrency, but often end up accepting payments of much less than the initial demand. Many of the threat actors have been linked to the Darkside and Blackmatter groups, indicating extensive experience when it comes to ransomware operations.

Alphv has been tracked to attacks on two major German oil companies, and Florida International University, though the victims of ransomware are typically in the discretion of the affiliate groups that do the hacking rather than a group like Alphv that programs the malware and licenses its use. 

In the Flash alert, the FBI listed recommended mitigations, including using multi-factor authentication and installing updates/patch operating systems, software and firmware as soon as they are released. 

FBI:      Forbes:     Infosecurity Magazine:     Oodaloop:   Secureworld:     Bleeping Computer:   Unified Guru

You Might Also Read: 

Police Shut Down RaidForums Hackers:

« Enhance Security In Your AWS Cloud
Three Vital Concerns For Companies Running Hybrid Cloud Environments »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

Zentek Digital Investigations

Zentek Digital Investigations

Zentek has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

Orolia

Orolia

Orolia are experts in deploying high precision GPS time through network infrastructure to synchronize critical operations.

HANDD Business Solutions

HANDD Business Solutions

HANDD are independent specialists in data protection with expertise at every stage of the Protect, Detect and Respond cycle, from consultancy and design, right through to installation.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

Netwrix

Netwrix

Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

ChaosSearch

ChaosSearch

ChaosSearch is a massively scalable ELK-compatible log analysis platform delivered as a fully managed service with high-performance and low cost.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Axiata Digital Labs

Axiata Digital Labs

Axiata Digital Labs is the technology hub of Axiata Group Berhad Malaysia which is one of the leading groups in telecommunication in Asia.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.