The cybercriminals behind the malware claim to have compromised more than a dozen companies; they have aggressively outed victims and purportedly paid a significant share of ransoms back to affiliates.
BlackCat, the latest ransomware threat touted on underground forums, has quickly made inroads into the ransomware-as-a-service cybercriminal marketplace by offering 80% to 90% of ransoms to “affiliates” and aggressively outing victims on a name-and-shame blog.
In less than a month, the BlackCat group has purportedly compromised more than a dozen victims, named those victims on its blog, and broken into the top 10 threats as measured by victim count, according to a recent analysis of the malware by researchers at Palo Alto Networks. The ransomware program seems well-designed and is written in Rust, an efficient programming language that has gained popularity over the past decade.
Currently, five victims are in the United States, two in Germany, and one each in France, the Netherlands, the Philippines, and Spain, with the final victim’s location unknown.
The ransomware platform makes extensive use of configuration files to allow the operator to customize the attack to certain victims, determine what processes to shut down, and even use a customized list of credentials to move laterally within a company, says Doel Santos, a threat intelligence analyst with Palo Alto Networks’ Unit 42 team.
Read more: https://bit.ly/3KXZjCZ