ALPHV - BlackCat Ransomware
Key takeaways:
The group is actively recruiting ex-REvil, BlackMatter, and DarkSide operators
Increased activity since November 2021
Lucrative affiliate pay-outs (up to 90%)
Rust-based ransomware executable (fast, cross-platform, heavily customized per victim)
AES encryption by default
Built-in privilege escalation (UAC bypass, Masquerade_PEB, CVE-2016-0099)
Can propagate to remote hosts via PsExec
Deletes shadow copies using VSS Admin
Stops VMware ESXi virtual machines and deletes snapshot
The group's leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater.
Featured Resources
blog
Proactive Security in Action: What Real-World Gaps Reveal About Cyber Resilience
Today’s threat actors move fast, and reactive security is no longer enough. Most breaches have a common root cause: a
E-book
10 Cybersecurity Exposures You Can’t Afford to Ignore
Lessons from Real-World Exposure Validation Think your defenses are airtight?Even well-funded, mature security programs can leave dangerous gaps. This eBook
blog
Kubernetes Security Best Practices: Insights from Real-World Attack Simulations
Securing Kubernetes in production environments is more than a checkbox exercise. It’s a continuous battle against sophisticated attack vectors. Research