The Federal Bureau of Investigation (FBI) is asking for information to support its investigation into ransomware as a service (RaaS) criminal group known as BlackCat/ALPHV.
In a FLASH alert issued Tuesday, the FBI said it “is seeking any information that can be shared, to include IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file.”
According to a February report by AT&T Alien Labs, BlackCat/ALPHV was used in a January 2022 campaign against two international oil companies headquartered in Germany, Oiltanking, and Mabanaft. The FBI warned that as of March 2022, the BlackCat/ALPHV group had compromised at least 60 entities worldwide.
The ransomware gains access to the victim’s system by putting previously compromised user credentials to work. The malware then compromises Active Directory user and administrator accounts, leveraging Windows administrative tools and Microsoft Sysinternals tools.
According to the FBI’s investigation, BlackCat/ALPHV is the first ransomware group to successfully use the programming language RUST to commission its attacks. RUST is considered a more secure programming language that offers improved performance and reliable concurrent processing.
The cyber-criminal group steals data from the victim before the deployment of the ransomware, including company or client data stored by cloud providers on the victim’s behalf.
While BlackCat/ALPHV-affiliated threat actors typically request ransom payments of several million dollars in Bitcoin and Monero, the group has been observed accepting ransom payments of a lower value than the amount initially demanded. Read more:https://bit.ly/3rKrDko
You can also read this: FBI, Europol Seize RaidForums Hacker Forum and Arrest Admin