A relatively new ransomware called BlackCat has reportedly breached 60 different companies around the globe.
The Federal Bureau of Investigation (FBI) has released a white flash report concerning BlackCat, also known as ALPHV. The ransomware gang is known to have been attacking organisations between November 2021 and March 2022.
The flash alert is part of a series of similar reports highlighting the tactics, techniques, and procedures (TTPs) used by, and indicators of compromise (IOCs) linked to, ransomware variants identified during FBI investigations.
BlackCat remains interesting to researchers because of the Rust programming language it was written in, as well as its now long history of “rebranding”.
Researchers believe that BlackCat is a direct descendant of DarkSide and BlackMatter. DarkSide became famous due to the high-profile Colonial Pipeline case back in May 2021, which was followed by its shutdown by Federal Forces in August 2021.
The BlackMatter ransomware group took its place later on, announcing an improved version of the malware that, ironically, has been cracked by researchers. A BlackMatter decryptor is available online, making the ransomware now harmless.
BlackCat operators deny being a rebranded version of BlackMatter; however, they still admit some extent of affiliation, explaining that they had a different vision and chose to create their own RaaS.