According to the FBI, BlackCat ransomware had breached at least 60 organizations globally as of March. The gang is the first ransomware group known to have successfully broken into networks with malware written in Rust.
The BlackCat ransomware group, also known as ALPHV, is a new group of cyber criminals who operate a Windows ransomware-as-a-service. The group emerged onto the ransomware scene in November 2021, and security researchers and federal law enforcement agencies have linked its developers and money launderers to the notorious Darkside/Blackmatter crime rings. The FBI, in a security alert [PDF] this week, said those links are “indicating they have extensive networks and experience with ransomware operations.”
Cisco Talos and Palo Alto Networks Unit 42 have both noted the ransomware group’s preference for Rust; Unit 42 said the gang was “one of the first, if not the first” of its kind to use the language.
Writing the malware in Rust rather than C/C++ brings Rust’s safety guarantees to the code, which make the malware more stable and reliable. Attivo Networks Chief Security Advocate Carolyn Crandall explained that the Rust environment can be used to build programs for embedded devices and can integrate with other programming languages.
The FBI further explained, “Initial deployment of the malware leverages PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim’s network.”
The malware uses Windows Task Scheduler, compromises Active Directory user and administrator accounts, and configures malicious group policy objects to deploy the ransomware. BlackCat also steals the victim’s information, including data held with cloud providers, before it executes the ransomware.
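The deployment chain the FBI describes (PowerShell that disables security features, a scheduled task, a modified group policy object) is more visible as a sequence than as isolated events. The following is an added example of defender-side correlation logic, not code from the FBI alert or from any vendor named here. It assumes a simplified JSON-like event shape of its own, uses the standard Windows event IDs 4104 (PowerShell script block), 4698 (scheduled task created) and 5136 (directory service object modified), and flags a host where two or more stages of the chain appear within a short window. The sample events and the security-tampering keyword list are constructed for the example.

```python
"""Correlate stages of a BlackCat-style deployment chain per host.

Added example; event shape, keyword list and sample data are assumptions
made for illustration, not real log output.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Keywords treated as "security feature tampering" in PowerShell script blocks
# (constructed detection list; extend from your own telemetry).
TAMPER_KEYWORDS = ("Set-MpPreference", "DisableRealtimeMonitoring")

# Constructed sample events in a simplified shape.  event_id follows the
# Windows Security / PowerShell operational log numbering.
SAMPLE_EVENTS = [
    {"ts": "2022-04-20T09:00:05", "host": "WS-FIN-07", "event_id": 4104,
     "detail": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"ts": "2022-04-20T09:02:40", "host": "WS-FIN-07", "event_id": 4698,
     "detail": "TaskName=\\Microsoft\\Windows\\UpdateSvc"},
    {"ts": "2022-04-20T09:07:11", "host": "WS-FIN-07", "event_id": 5136,
     "detail": "ObjectClass=groupPolicyContainer Attribute=gPCFileSysPath"},
    # Benign-looking activity on a second host: a backup task and a
    # harmless script block, so only one stage matches.
    {"ts": "2022-04-20T11:30:00", "host": "WS-HR-02", "event_id": 4698,
     "detail": "TaskName=\\Backup\\Nightly"},
    {"ts": "2022-04-20T11:31:00", "host": "WS-HR-02", "event_id": 4104,
     "detail": "Get-ChildItem C:\\Reports"},
]


def classify(event):
    """Map one event to a chain stage name, or None if it matches no stage."""
    eid = event["event_id"]
    detail = event["detail"]
    if eid == 4104 and any(k.lower() in detail.lower() for k in TAMPER_KEYWORDS):
        return "security_tamper"
    if eid == 4698:
        return "scheduled_task"
    if eid == 5136 and "groupPolicyContainer" in detail:
        return "gpo_modified"
    return None


def correlate(events, window=timedelta(minutes=30), min_stages=2):
    """Return alerts for hosts showing >= min_stages distinct chain stages
    within `window` of each other.

    Each alert is a dict with the host, the sorted stage names seen and the
    ISO timestamp of the first matching event.
    """
    by_host = defaultdict(list)
    # ISO-8601 timestamps sort correctly as strings.
    for e in sorted(events, key=lambda e: e["ts"]):
        stage = classify(e)
        if stage:
            by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), stage))

    alerts = []
    for host, hits in by_host.items():
        # Slide a window from each matching event forward and collect the
        # distinct stages it covers; one alert per host is enough.
        for i, (t0, _) in enumerate(hits):
            stages = {s for t, s in hits[i:] if t - t0 <= window}
            if len(stages) >= min_stages:
                alerts.append({"host": host, "stages": sorted(stages),
                               "start": t0.isoformat()})
                break
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"{alert['host']}: {', '.join(alert['stages'])} from {alert['start']}")
```

Tuning the window and `min_stages` is the usual trade-off: a wide window with two stages catches slower operators at the cost of more review, while requiring all three stages is quieter but misses chains where one log source is not collected. A host that shows only a scheduled task (the WS-HR-02 case) is deliberately not alerted on its own.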