BlackCat Ransomware Breached 60 Organizations Worldwide — What is Its Connection to BlackMatter?

BlackCat Ransomware gang is now under the close monitoring of the Federal Bureau of Investigation (FBI), which prompted the release of a White Flash alert warning.

The BlackCat ransomware gang, also known as ALPHV, has already compromised 60 entities worldwide. The Ransomware-as-a-service (RaaS) group breached these networks between November 2021 and March 2022.

The recently established BlackCat group is known for demanding ransom payments in the millions of dollars and for carrying out cyberattacks using Rust, an extremely sophisticated coding language.

This warning, issued by the FBI Cyber Division, is one of several reports the FBI is issuing about the rise in ransomware cases. The warning, according to the FBI, emphasizes the need for increased business awareness in the face of increasingly sophisticated cyberattacks, such as ransomware.

BlackCat Cyberattacks

BlackCat, the ransomware group, is also known as Noberus and AlphaV. According to Forbes, BlackCat has targeted a number of high-profile individuals and sought ransom payments of millions of dollars. In February, the organization claimed responsibility for an attack against Swissport, a provider of aviation services. It had previously named German energy companies Oiltanking and Mabanaft as victims in a letter sent a month earlier.

The fact that its malware was created using the Rust programming language distinguishes BlackCat from numerous other ransomware groups. Rust is a coding language that can be used on embedded devices and can be integrated with other languages to create more complex programs.

Aside from being highly customisable, BlackCat's ransomware executable also comes with support for a variety of encryption methods and features, making it simple to tailor cyberattacks to a variety of corporate situations.

The FBI confirmed BlackCat's use of Rust, stating that BlackCat "is the first ransomware group to do so successfully using RUST, considered to be a more secure programming language that offers improved performance and reliable concurrent processing."

BlackMatter as BlackCat

BlackCat is now widely believed to be a rebrand of previous ransomware groups, Darkside and BlackMatter.

According to Bleeping Computer, the FBI stated, "Many of the developers and money launderers for BlackCat/ALPHV are linked to Darkside/Blackmatter, indicating they have extensive networks and experience with ransomware operations."

DarkSide RaaS began operating in August 2020, but it was halted in May 2021 after law enforcement agencies tried to get rid of the gang after the attack on Colonial Pipeline.

As of July 31st, they changed their name to BlackMatter. A member of the LockBit ransomware gang was the first to reveal that BlackCat and BlackMatter are linked to one another, a month after BlackCat ransomware launched in November 2021.

Another piece of evidence supporting this report is the fact that the ransomware software of BlackMatter and DarkSide and that of BlackCat both run on Rust.


Defending Systems Against Data Breach

With the release of the FBI's White Flash Warning, the FBI has put together a list of safety precautions for businesses in the United States that want to keep their data safe.

According to Tech Co., here are some of the recommendations that can help keep companies and organizations safe from BlackCat and other ransomware gangs.

  • When it is possible, use multi-factor authentication.

  • Examine domain controllers for user accounts that aren't properly arranged.

  • Use virtual private networks (VPNs) instead of connecting to unsecured networks.

  • Change passwords for network systems on a regular basis, and use different passwords for different accounts.

  • Anti-malware and antivirus software should be installed and updated on a regular basis throughout company networks.

Lastly, if a system has been breached, the FBI recommends reporting it immediately to the authorities and not paying the ransom, since payment will not guarantee that files will be retrieved.

 

© 2024 iTech Post All rights reserved. Do not reproduce without permission.
