What is the BlackCat ransomware attack, and why is it unique?

The so-called BlackCat ransomware has drawn the attention of cyber experts. Here's what you need to know about it.

Written by Vaultree Team

May, 23 2022 in Cybersecurity

Ransomware has undoubtedly grown in popularity as a way for hackers to get financial advantages. In short, they will breach a security system searching for sensitive data and either steal it or block it. Then, the victim will be asked to pay a high price - the ransom - to get access to the data or system again, or to not have it exposed.

There are several ways they use to try and gain access. But, at the same time, there are many tools and techniques that security officials have to employ to keep the criminals at bay. 

Of course, one of the main ones is having good cryptography in place - an encrypted set of files is unreadable. Therefore, it is useless to criminals.

In addition, it is fundamental for companies to keep their working systems backed up. Both these tactics remove the gain for cybercriminals: there is no use in leaking encrypted data, and if they block your access to your server, you just go to the backup.

Still, cybersec professionals always need to be on the lookout as the criminal industry of ransomware attacks is constantly renovating and always innovating.


The BlackCat, or ALPHV, attack


The BlackCat attack is one of those innovations and the cybercriminal gang with the same name has significantly increased its presence in very little time. It first appeared by the end of 2021, but just one month after it surfaced, it already had a high number of victims - all of which were listed on their leak site.

They operate as a RaaS (Ransomware-as-a-Service) provider, making their work even more unpredictable and widespread. The gang, ever searching for new "employees", has even been seen soliciting on the dark web and cybercrime forums.


Read Also: Cybercrime has become an industry: don't be just another victim


Their business model operates with large quantities: they will offer "workers" up to 90 per cent share of the ransom payment they would get and pay the remaining percentage to the group itself. With numerous daily attacks, the amount they can achieve can get extremely high. 

BlackCat is known to have targeted mainly organisations in the United States, but there are also victims in Europe, Asia, and many other locations. 

They seem to have no specific sector in mind, and the list of victims includes companies in construction, retail, commercial services, telecommunication, health, and pharmaceuticals. 

The programming innovation

Perhaps most notably, the BlackCat group is one of the first that has coded using the Rust programming language. This programming language has been used in malware before, but not in ransom attacks.

Rust is extremely efficient and secure and a language that allows a high level of customisation, but if used for bad purposes, criminals can change their behaviour and customise their attacks quicker - and also breach into many different operating system architectures.

Read Also: Get to know more advanced tools for data security in companies


Still, it is not all-mighty. Companies can and should protect themselves. As we've said, there are many techniques and tools for cybersecurity that add several layers of defence against all sorts of cybercrime, including those coming from BlackCat.

Encryption is one of the most crucial tools, even if not the only one - they all work well in tandem. Get in touch with our team to know more about Vaultree's encryption solutions and count on us to keep your data safe.

More from our blog

May, 17 2023 in Cybersecurity

Unmasking Social Engineering Attacks: Types and Prevention Techniques

What you need to know to strengthen your human firewall and keep your data safe

Author: Vaultree Team

February, 07 2023 in Cybersecurity

How encryption can help the finance industry win the battle against cyberattacks

Why fully functional data-in-use encryption is THE tool to help financial institutions mitigate the costs of data breaches.

Author: Vaultree Team

December, 15 2022 in Cybersecurity

Why Cybersecurity must be a top priority in Healthcare

The healthcare industry is a target for cybercriminals. Here's how cybersecurity can help protect data - and lives.

Author: Vaultree Team