What is BlackCat Ransomware and why is it Different?
A new ransomware-as-a-service (RaaS) operation has been aggressively recruiting affiliates from other ransomware groups and is targeting organizations worldwide. The operation is called ‘BlackCat’ (also known as ALPHV).
As is the case with other RaaS groups, BlackCat extorts money from victims by stealing sensitive information and encrypting systems. What makes BlackCat different is that it goes one step further, threatening to launch a distributed denial-of-service (DDoS) attack if its demands aren’t met.
Also, BlackCat has gained traction since late 2021 by offering payouts to affiliates of up to 90%.
BlackCat ransomware is written in the Rust programming language. This is attractive to cybercriminals because it reduces the chances of the ransomware containing bugs that security researchers may be able to exploit. Rust also makes it fast to find and encrypt files on targeted networks, and the ransomware can run on both Windows and Linux machines.
It has been reported that BlackCat may have been responsible for recent attacks on two German oil companies, causing serious disruption for hundreds of gas stations. It also caused one of the largest oil and gas companies to reroute supplies.
Some reports suggest that BlackCat has demanded as much as $14 million in its attacks.
So how can you protect against BlackCat Ransomware? These tips can help:
Make secure offsite backups
Run up-to-date security solutions and ensure that your computers are protected with the latest security patches against vulnerabilities
Use hard-to-crack, unique passwords to protect sensitive data and accounts, and enable multi-factor authentication
Encrypt sensitive data wherever possible
Educate and inform staff about the risks and methods used by cybercriminals to launch attacks and steal data
What if your organization is hit with BlackCat ransomware? Should you pay the ransom? That is a decision only your company can make. The more companies that pay the ransom, the more likely BlackCat will launch similar attacks in the future.
However, your business may feel it has to pay the ransom if the alternative is to risk the entire business.
No matter what your organization decides, you should inform law enforcement of the attack and cooperate with them to help them investigate.
Also keep in mind that paying the ransom doesn’t mean you’ve erased the problem. If you don’t find out what went wrong and why, and fix it, you could easily fall victim to another attack.
Story via Tripwire