BLACKCAT – RANSOMWARE ON THE PROWL!
“We strongly recommend that you contact us to discuss your situation. Otherwise, the confidential data in our possession will be released in stages every 12 hours. There is a lot of material,” reads the ALPHV statement. The statement is addressed to NJVC, the breached IT firm which supports the federal government and the US Department of Defence. This has become the fate of top-level defence and other governmental organisations. The eye-opening SolarWinds hack has still not receded into the background. Open, blatant extortion carried out in public view is turning out to be the signature tune of these hackers, and BlackCat has been leading the flock of late. A solid defence doesn’t seem to be happening anytime in the near future.
The data is critical and confidential, and can be of advantage to any adversary. A breach also brings down the credibility of the organisations hacked, since they have not been able to keep themselves secure. Data is the biggest asset of the day, and deserves the highest level of security. Do whatever it takes to keep it secure. Beyond a point there can be a backlash. Easier said than done, but that is the reality of today’s existence, both for governmental / defence / intelligence data and equally for corporate data, though for different reasons. NJVC supports intelligence, defence, and geospatial organisations, employing 1200 employees worldwide.
NJVC joins the list of victims on ALPHV’s Tor leak site, which threatens to release data if the ransom is not paid. Security Affairs reports that when they tried to reach ALPHV’s Tor leak site, it was not reachable. They are not sure if there is any specific link for this purpose. Other experts say that the website has been appearing online intermittently, and someone has also noticed that the name of NJVC was removed from the site. The latest victim on the leak site was posted on 27th Sept, a day before the DoD contractor was initially posted. BlackCat has been targeting high-profile businesses in critical industries including energy, financial institutions, legal services and technology.
BlackCat has reached a level of notoriety that makes it a constant scare for anyone who feels they are on its radar. It has been operating since at least Nov 2021 and launched major attacks in Jan 2022 to disrupt OilTanking GmbH, a German fuel company. They also hacked Swissport, an aviation company, in Feb 2022. BlackCat is the fastest growing underground ransomware gang, operating on the Ransomware-as-a-Service model. The group has been practising what we can term “quadruple extortion”, pressing victims to pay by leveraging encryption, data theft, denial of service and harassment. BlackCat, also known as “ALPHV”, “AlphaVM” and “AlphaV”, is a ransomware family created in the Rust programming language. Another defence contractor, Elbit Systems of America, was also breached by threat actors.
IF WE DON’T REIN IN THE BLACKCATs, RANSOMWARE IS LIKELY TO REACH PANDEMIC LEVELS.