This week, Microsoft warned that the BlackCat ransomware group, also known as AlphV, is leveraging exploits for unpatched Exchange server vulnerabilities to access victim networks. BlackCat was first seen in November 2021, when it was one of the only ransomware groups using the Rust programming language. The group is likely the pioneer among ransomware groups in using uncommon programming languages to evade detection. In a report published by Microsoft, researchers stated, “In another incident we observed, we found that a ransomware affiliate gained initial access to the environment via an internet-facing Remote Desktop server using compromised credentials to sign in,” pointing out how “no two BlackCat ‘lives’ or deployments might look the same.” Ransomware attacks continue to be extremely lucrative for criminal gangs, and therefore the ransomware ecosystem continues to grow, become more efficient, and evolve with each attack. Microsoft believes several ransomware gangs have started distributing BlackCat, such as Hive, Conti, REvil, and LockBit. According to the FBI, BlackCat ransomware attacks have victimized at least 60 entities worldwide as of March 2022.