The new version of BlackCat ransomware, initially observed by IBM in May, is now reported to be causing chaos worldwide via a previously undiscovered built-in failsafe delivery system.
Microsoft Threat Intelligence discovered that the BlackCat ransomware now being used in recent ransomware attacks is based on the open-source communication tool Impacket, which can be used to spread the ransomware by remote execution.
Cybersecurity firm Coalfire reports that the ALPHV/BlackCat ransomware gang has been causing mayhem over the past year. In August alone, ALPHV/BlackCat attacked at least four companies. They are understood to have leaked sensitive data about employees and corporate assets from each one. Coalfire suspects that the leaders of BlackCat are affiliated with the top ransomware gang, the infamous LockBit.
To protect themselves in the face of this ongoing cyber onslaught, all companies can do is tighten security where suspicious and unauthorized access is concerned while patching non-watertight systems. Realistically, all organizations should accept the relative inevitability of a successful ransomware attack and have what the cybersecurity industry calls the ‘Doomsday Plan’ ready in advance to reduce damage and ensure a speedy recovery of confidential data.
The innovatory and professional skills now being used by gangs such as LockBit and ALPHV/BlackCat are tough to tackle for even the best-resourced and tech-savvy organizations; note the recent successful hacking of Microsoft cloud service, One Drive. But for most firms, complete security is only a pipe dream when a successful breach can result from a single staff member opening a weaponized link in a well-camouflaged email to downloading a dodgy app on their smartphone. Or, as in the case of ALPHV/BlackCat, the criminals are one step ahead and spotting an unlocked back door.
The ALPHV/BlackCat gang also knows how to play dirty to get what it wants. It has recently adopted a strategy of gradually exposing leaks to facilitate ransom payments from reluctant or law-abiding victims. The process is executed by an application programming interface, which enables different applications to communicate the leaks to each other.
But it is the potential involvement of ransomware giant LockBit that truly heralds a looming ransomware storm. The LockBit ransomware group is a rapidly expanding organization run along corporate lines and believed to be responsible for roughly a third of all successful ransomware attacks worldwide. The new version of BlackCat could help LockBit grow its market share considerably while taking ALPHV/BlackCat along for the ride.
