ALPHV BlackCat: 2021’s Most Sophisticated Ransomware


The new ALPHV ransomware operation, also known as BlackCat, could be the most sophisticated ransomware of 2021, with highly-customizable features that allow attacks in many environments.

The ransomware executable is written in Rust, an unusual choice among malware developers, but one that is gaining ground because of the language's high performance and memory safety.

The ransomware is called ALPHV by its developers and is gaining popularity on Russian hacker forums.

MalwareHunterTeam called the ransomware BlackCat because the same favicon of a black cat is used on each victim’s Tor payment site, while the data leak site utilizes a dagger dripping with blood.

Like all Ransomware-as-a-Service (RaaS) operations, the ALPHV BlackCat operators work with affiliates who carry out the attacks. In return, the affiliates earn a revenue share that varies with the size of the ransom demand.

ALPHV BlackCat can also be configured with domain credentials, which it uses to spread from the infected device and encrypt other devices on the network. The executable extracts PsExec into the %Temp% folder and uses it to copy the ransomware to other devices on the network and execute it there, encrypting the remote Windows machines.
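The spread described above leaves a recognisable trail on both the source host (PsExec written to %Temp%) and each target (the PSEXESVC service installed, then the dropped binary written). The following detection logic is an added example, not code from the article or from BleepingComputer; it assumes Sysmon FileCreate (event ID 11) and System-log service-install (event ID 7045) records normalised to simple dictionaries, and all sample events are constructed.

```python
"""Detect PsExec-based lateral movement of the kind the article describes.

Constructed sample telemetry (not real logs): WS-01 is the initially
infected host, FS-02 a remote target, WS-09 a host with a benign service install.
"""
import re
from dataclasses import dataclass

SAMPLE_EVENTS = [
    # Sysmon 11: the ransomware drops PsExec into the user's %Temp% folder.
    {"host": "WS-01", "id": 11, "image": r"C:\Users\bob\Desktop\locker.exe",
     "target": r"C:\Users\bob\AppData\Local\Temp\psexec.exe"},
    # System 7045: PsExec's remote service appears on the target machine.
    {"host": "FS-02", "id": 7045, "service": "PSEXESVC",
     "image": r"%SystemRoot%\PSEXESVC.exe"},
    # Sysmon 11: that service writes the copied ransomware to disk.
    {"host": "FS-02", "id": 11, "image": r"C:\Windows\PSEXESVC.exe",
     "target": r"C:\Windows\locker.exe"},
    # Benign service install that must not alert.
    {"host": "WS-09", "id": 7045, "service": "Spooler",
     "image": r"C:\Windows\System32\spoolsv.exe"},
]

TEMP_PSEXEC = re.compile(r"\\Temp\\psexec(64)?\.exe$", re.IGNORECASE)
PSEXESVC = re.compile(r"psexesvc", re.IGNORECASE)


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str


def evaluate(events):
    """Return one Alert per event that matches a PsExec lateral-movement rule."""
    alerts = []
    for ev in events:
        svc_fields = ev.get("service", "") + " " + ev.get("image", "")
        if ev["id"] == 11 and TEMP_PSEXEC.search(ev.get("target", "")):
            alerts.append(Alert(ev["host"], "psexec_dropped_in_temp"))
        elif ev["id"] == 7045 and PSEXESVC.search(svc_fields):
            alerts.append(Alert(ev["host"], "psexesvc_service_installed"))
        elif ev["id"] == 11 and PSEXESVC.search(ev.get("image", "")):
            alerts.append(Alert(ev["host"], "psexesvc_wrote_file"))
    return alerts


def hosts_with_chain(alerts):
    """Hosts where the service install and the file write both occurred."""
    by_host = {}
    for a in alerts:
        by_host.setdefault(a.host, set()).add(a.rule)
    needed = {"psexesvc_service_installed", "psexesvc_wrote_file"}
    return {h for h, rules in by_host.items() if needed <= rules}
```

Hosts returned by `hosts_with_chain` are the remote targets that received and executed the payload; the `psexec_dropped_in_temp` alert points at the host the spread started from.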

When launching the ransomware, the affiliate can use a console-based user interface that lets them closely monitor the progress of the attack.

ALPHV BlackCat also uses the Windows Restart Manager API to shut down processes and Windows services that are holding a file open, so that the file can be encrypted.

In addition, BlackCat is capable of cross-platform attacks, with support for multiple operating systems.

Operating systems on which the ransomware group has tested the ransomware include:

  • All Windows lines 7 and higher (tested on 7, 8.1, 10, 11; 2008r2, 2012, 2016, 2019, 2022); XP and 2003 can be encrypted via SMB
  • ESXi (tested on 5.5, 6.5, 7.0.2u)
  • Debian (tested on 7, 8, 9)
  • Ubuntu (tested on 18.04, 20.04)
  • ReadyNAS, Synology

Ransomware expert and ID Ransomware creator Michael Gillespie has examined the ransomware's encryption routine and found no weakness that would allow free decryption. That is how sophisticated BlackCat is.

ALPHV, like other ransomware groups, employs a triple-extortion tactic: it first steals data, then encrypts devices, and threatens to release the stolen data if no ransom is paid.

Ransoms usually range from $400,000 to $3 million, payable in Bitcoin or Monero. Victims who pay in Bitcoin are charged a 15% surcharge on top of the ransom.

For more information, you may view the original story from Bleeping Computer.
