BlackCat (ALPHV) Ransomware Linked to BlackMatter, DarkSide Gangs

The BlackCat ransomware gang, also known as ALPHV, has confirmed that its members are former members of the notorious BlackMatter/DarkSide ransomware operation. BlackCat/ALPHV is a new, feature-rich ransomware operation launched in November 2021 and developed in the Rust programming language, which is unusual for ransomware. The ransomware executable is highly customizable, with different encryption methods and options that allow attacks on a wide range of corporate environments. While the ransomware gang calls itself ALPHV, security researcher MalwareHunterTeam named the ransomware BlackCat after the image of a black cat used on every victim's Tor payment page. Since then, the ransomware operation has been known as BlackCat when discussed in the media or by security researchers.

Analyst Notes

Ransomware remains one of the major threats in the cybersecurity ecosystem to any business of substantial size. The best defense is making sure that these threat actors do not gain an initial foothold on the network in the first place. This can be done by training users to spot and report phishing emails and by having good endpoint monitoring with an Endpoint Detection and Response (EDR) technology and a competent SOC to monitor alerts, or by making use of services like those offered by Binary Defense. It is also important not to expose RDP ports to the public Internet if at all possible and to use Multifactor Authentication (MFA) for all Virtual Private Network (VPN) connections, since brute-forcing these is one of the ways that ransomware threat actors gain initial access. It is also important to have multiple backups, including offline backups, and an incident response plan to quickly get back up and running in case of a ransomware incident.
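The notes above recommend a SOC that monitors alerts and point to brute-forcing of exposed RDP and VPN services as an initial-access route. As an added illustration (not code from the original article or from Binary Defense), the following Python snippet shows one simple detection a SOC might run over Windows Security event data: it counts failed RemoteInteractive logons (Event ID 4625, logon type 10) per source address in a sliding time window and flags sources that exceed a threshold, also reporting how many distinct usernames were tried, which is a typical sign of password spraying. The log line format, IP addresses, usernames and threshold are constructed assumptions for the example; real collector exports differ.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in a simplified, hypothetical export format.
# Event 4625 = failed logon; LogonType 10 = RemoteInteractive (RDP);
# 4624 = successful logon. The addresses are documentation ranges.
SAMPLE_LOG = """\
2021-12-01T02:00:01Z EventID=4625 LogonType=10 User=administrator Src=203.0.113.10
2021-12-01T02:00:03Z EventID=4625 LogonType=10 User=admin Src=203.0.113.10
2021-12-01T02:00:05Z EventID=4625 LogonType=10 User=backup Src=203.0.113.10
2021-12-01T02:00:07Z EventID=4625 LogonType=10 User=test Src=203.0.113.10
2021-12-01T02:00:09Z EventID=4625 LogonType=10 User=sql Src=203.0.113.10
2021-12-01T02:00:11Z EventID=4625 LogonType=10 User=svc Src=203.0.113.10
2021-12-01T02:15:00Z EventID=4625 LogonType=10 User=jsmith Src=192.0.2.44
2021-12-01T02:16:00Z EventID=4624 LogonType=10 User=jsmith Src=192.0.2.44
2021-12-01T03:00:00Z EventID=4625 LogonType=3 User=guest Src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"User=(?P<user>\S+) Src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "event_id": int(m["eid"]),
            "logon_type": int(m["lt"]),
            "user": m["user"],
            "src": m["src"],
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {src_ip: (max_failures_in_window, distinct_users)} for sources
    with at least `threshold` failed RDP logons inside any `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["event_id"] == 4625 and e["logon_type"] == 10:
            by_src[e["src"]].append(e)

    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it fits within `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {e["user"] for e in evs[start:end + 1]}
                prev = flagged.get(src, (0, 0))
                if count > prev[0]:
                    flagged[src] = (count, len(users))
    return flagged


if __name__ == "__main__":
    for src, (count, users) in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT possible RDP brute force from {src}: "
              f"{count} failures, {users} distinct users")
```

Only the source that produced six failed RDP logons in ten seconds across six usernames is flagged; the single failed logon followed by a success and the non-RDP failure are ignored. In production the threshold and window would be tuned to the environment, and a hit from an external address is itself evidence that RDP is reachable from the Internet, which the notes above advise against.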