BlackCat is the first group of ransomware extortionists to create malware in the Rust programming language. They entered the cybercrime scene in 2021 and became one of the most active ransomware gangs.
This week, BlackCat claimed responsibility for hacking the University of Pisa in Italy. The group demands that the university pay $4.5 million by June 16.
According to information security analysts at ANOZR WAY, BlackCat is one of the most active extortion groups, responsible for 12% of all recorded attacks. Only two extortion gangs are ahead of it: LockBit 2.0 and Conti.
On Monday, Microsoft published a blog post with a detailed analysis of the BlackCat group. The company reviewed successful attacks on Windows and Linux devices, as well as on VMware instances. Microsoft experts called BlackCat (also known as ALPHV) a prime example of the “hacker gig economy”, as it actively provides its ransomware as a service.
The Rust programming language helps the group avoid detection by conventional security tools and creates problems for information security specialists, preventing them from reverse engineering the payload or comparing it with similar ransomware.
Hackers usually break into systems using stolen victim credentials and remote desktop access applications.
Microsoft also noticed DEV-0237 and DEV-0504, two extortion groups using the new software from BlackCat. According to the company’s representatives, the change in payload is typical for groups that provide ransomware as a service, since it brings in much more money and makes the ransomware very difficult to detect.