FBI Is Looking For BlackCat

Uploaded on 2022-04-29 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

US law enforcement agencies have been busy targeting malicious cyber actors around the world and the Federal Bureau of Investigation (FBI) has sent out a Flash alert asking for information about the threat actor BlackCat also known as Alphv, which has breached at least 60 organisations. 

The flash alert is part of a series of similar reports highlighting the tactics, techniques, and procedures (TTPs) used by and indicators of compromise (IOCs) linked to ransomware variants identified during FBI investigations.

BlackCat has been previously linked to other ransomware groups that have stopped working. The information the FBI wants includes IP addresses, Bitcoin or Monero addresses and transaction IDs, communications, decryptor files, and a sample of an encrypted file.  

Black Cat was apparently used in a German January 2022 campaign that was conducted against two international oil companies. In the advisory, the FBI also warns that the group has compromised roughly 60 entities worldwide.
The ransomware gains access to the victim's system by putting previously compromised user credentials to work. The malware then compromises Active Directory user and administrator accounts, leveraging Windows administrative tools and Microsoft Sysinternals tools. 

According to the FBI’s investigation, BlackCat is the first ransomware group that has successfully used the programming language RUST to commission its attacks. 

The cyber crime group then steals data from the victim before deploying ransomware and demanding that companies pay-up to decrypt their files. According to the FBI, the group’s initial ransom requests are often shocking, but the group has been observed accepting a smaller payment than they formerly demanded.
In their Flash alert the FBI has listed suggested mitigations and actions.

The FBI doesn't encourage paying BlackCat ransoms since victims have no guarantee that this will prevent future attacks or leaks of stolen data.However, the federal agency did acknowledge the damage inflicted by ransomware attacks, which may force company executives to pay the ransom and protect shareholders, customers, or employees.

The affiliated threat actors usually request ransom payments of millions of dollars in cryptocurrency, but often end up accepting payments of much less than the initial demand. Many of the threat actors have been linked to the Darkside and Blackmatter groups, indicating extensive experience when it comes to ransomware operations.

Alphv has been tracked to attacks on two major German oil companies, and Florida International University, though the victims of ransomware are typically in the discretion of the affiliate groups that do the hacking rather than a group like Alphv that programs the malware and licenses its use. 

In the Flash alert, the FBI listed recommended mitigations, including using multi-factor authentication and installing updates/patch operating systems, software and firmware as soon as they are released. 

FBI:      Forbes:     Infosecurity Magazine:     Oodaloop:   Secureworld:     Bleeping Computer:   Unified Guru

You Might Also Read: 

Police Shut Down RaidForums Hackers:

« Enhance Security In Your AWS Cloud
Three Vital Concerns For Companies Running Hybrid Cloud Environments »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

WatchGuard

WatchGuard

WatchGuard is a leader in network security, secure Wi-Fi, and network intelligence products and services for SMBs and Enterprises worldwide.

Foresite

Foresite

Foresite is a global service provider, delivering a range of managed security and consulting solutions.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

Mphasis

Mphasis

Mphasis is a leading applied technology services company applying next-generation technology to help enterprises transform businesses globally.

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Ampyx Cyber

Ampyx Cyber

Ampyx Cyber (formerly Ampere Industrial Security) is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.

Island

Island

Island puts the enterprise in complete control of the browser, delivering a level of governance, visibility, and productivity that simply weren’t possible before.

Rootshell Security

Rootshell Security

Rootshell Security is transforming vulnerability management with its vendor-agnostic Prism Platform and industry-leading offensive security assessments.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

Segra

Segra

Segra owns and operates one of the nation’s largest fiber networks and provides best-in-class broadband and data security solutions throughout the Southeast and Mid-Atlantic.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

CyberSalus

CyberSalus

CyberSalus is a pioneering cyber tech services company dedicated to protecting the digital integrity of healthcare organizations.

Waterleaf International

Waterleaf International

Waterleaf provide advanced network and cybersecurity solutions - informed by data sciences. Transforming Connectivity, Security and Information for Municipalities, Government & Enterprise.