Beware the BlackCat!
Beware the BlackCat!
According to NordLocker, an end-to-end encryption tool with a private cloud, a new ransomware group — AlphaV (BlackCat) — is on the rise. From January 2022 to April 2023, a total of 2 928 ransomware attacks were carried out worldwide.
While the majority of these attacks were carried out by LockBit (963 attacks), BlackCat was the second most dangerous, with 321 attacks carried out in the same period.
What is the BlackCat ransomware group?
BlackCat is a ransomware-as-a-service (RaaS) operation and is one of the most advanced RaaS operations to date. This ransomware is designed to be difficult to uninstall and may attempt to disable antivirus software or other security measures. It can also modify system files and settings to ensure survivability and make recovery from an attack more challenging.
Since its inception in November, the group has carried out 336 attacks worldwide. Typically, it carries out 10 to 20 attacks every month on average. However, April this year saw 53 attacks.
Targets of BlackCat
Typically, large organisations are the victims of this group because they are more vulnerable to data leaks or loss. The ransoms are reported to range from US$400 000 up to US$3 million, and are required to be paid in cryptocurrencies.
Since its inception, the group has attacked a wide range of industries, including construction (12 attacks), finance (12), healthcare (12), transportation (12), retail (11), and manufacturing (10). The most targeted sectors are business services (16), tech (14), and energy (13).
As expected, the attacks are mainly targeted against US companies, with 133 attacks since November 2021, although BlackCat does operate worldwide, with attacks counted in 37 countries. The other most attacked countries are Canada (31 attack records), the UK (11), Australia (9), Italy (9), and Germany (8).
The majority of the companies attacked were in the private sector, but the group also managed to attack three public sector companies in the Netherlands, Germany, and Egypt.
When it comes to its victims, the group is not picky; BlackCat’s targets range from a large American integrated oil and gas company with 40 000 employees to a Brazilian logistics company employing only three people.
How to protect yourself against ransomware
Ransomware is one of the most common cyberthreats facing companies today. While ransomware attacks will only increase in the coming years, you have ways to protect your data, sensitive information, and company reputation.
“Most ransomware attacks on businesses are a result of the human factor. Cybercriminals do not solely use technology – they also gather information and use various psychological tactics, such as social engineering. To avoid falling into these traps, companies need to educate their employees: all employees, regularly,” says Aivaras Vencevičius, head of product for NordLocker.
“Other key points for cybersecurity must include proper file hygiene, encryption and backups, up-to-date software, and zero-trust network access,” he adds.