BlackCat RaaS, also known as ALPHV, first came to light in mid-November and already proved its sophistication. It became the first professional ransomware gang to use Rust-based malware. Now, this aggressive group is making its way to the top, and let’s check out what’s going on.
Diving into details
Unit 42 stated that BlackCat climbed to the seventh position in the global ransomware groups ranking. This ranking is based on the number of victims listed in the group’s data leak site. In less than a month, the gang has amassed more than a dozen victims located in the U.S., Germany, the Netherlands, France, Spain, and the Philippines.
Another report by Sentinel Labs stated that the group has been targeting organizations in India and Australia, and demanding ransom payments between $400,000 and $3,000,000 in Bitcoin or Monero. The victims belong from several sectors, including telecom, construction and engineering, retail, insurance, commercial and professional services, pharma, auto component, and machinery.
Why is BlackCat popular?
Multiple reasons can be factored in in the rise of the ALPHV RaaS. A few of them have been listed below.
Effective marketing to affiliates is one of the foremost reasons. The gang solicits for affiliates in popular dark web forums and lets them keep 80–90% of the ransom payment.
By using the Rust programming language, the developers can easily compile the malware against any OS. Being highly customizable, Rust enables attackers to individualize attacks.
Varonis discovered that BlackCat is actively recruiting former operators from REvil, DarkSide, and BlackMatter. It, moreover, interviews and vets affiliates before adding them into the group.
The bottom line
BlackCat is an advanced and innovative ransomware family that has set its eyes on being a top performer in the ransomware scene. It is rapidly building its reputation in the underworld through its customized attacks. The group seems to be well-funded and is seeking to make fast profits.