FBI Is Looking For BlackCat

Uploaded on 2022-04-29 in TECHNOLOGY--Hackers, GOVERNMENT-Law Enforcement, FREE TO VIEW

US law enforcement agencies have been busy targeting malicious cyber actors around the world and the Federal Bureau of Investigation (FBI) has sent out a Flash alert asking for information about the threat actor BlackCat also known as Alphv, which has breached at least 60 organisations. 

The flash alert is part of a series of similar reports highlighting the tactics, techniques, and procedures (TTPs) used by and indicators of compromise (IOCs) linked to ransomware variants identified during FBI investigations.

BlackCat has been previously linked to other ransomware groups that have stopped working. The information the FBI wants includes IP addresses, Bitcoin or Monero addresses and transaction IDs, communications, decryptor files, and a sample of an encrypted file.  

Black Cat was apparently used in a German January 2022 campaign that was conducted against two international oil companies. In the advisory, the FBI also warns that the group has compromised roughly 60 entities worldwide.
The ransomware gains access to the victim's system by putting previously compromised user credentials to work. The malware then compromises Active Directory user and administrator accounts, leveraging Windows administrative tools and Microsoft Sysinternals tools. 

According to the FBI’s investigation, BlackCat is the first ransomware group that has successfully used the programming language RUST to commission its attacks. 

The cyber crime group then steals data from the victim before deploying ransomware and demanding that companies pay-up to decrypt their files. According to the FBI, the group’s initial ransom requests are often shocking, but the group has been observed accepting a smaller payment than they formerly demanded.
In their Flash alert the FBI has listed suggested mitigations and actions.

The FBI doesn't encourage paying BlackCat ransoms since victims have no guarantee that this will prevent future attacks or leaks of stolen data.However, the federal agency did acknowledge the damage inflicted by ransomware attacks, which may force company executives to pay the ransom and protect shareholders, customers, or employees.

The affiliated threat actors usually request ransom payments of millions of dollars in cryptocurrency, but often end up accepting payments of much less than the initial demand. Many of the threat actors have been linked to the Darkside and Blackmatter groups, indicating extensive experience when it comes to ransomware operations.

Alphv has been tracked to attacks on two major German oil companies, and Florida International University, though the victims of ransomware are typically in the discretion of the affiliate groups that do the hacking rather than a group like Alphv that programs the malware and licenses its use. 

In the Flash alert, the FBI listed recommended mitigations, including using multi-factor authentication and installing updates/patch operating systems, software and firmware as soon as they are released. 

FBI:      Forbes:     Infosecurity Magazine:     Oodaloop:   Secureworld:     Bleeping Computer:   Unified Guru

You Might Also Read: 

Police Shut Down RaidForums Hackers:

« Enhance Security In Your AWS Cloud
Three Vital Concerns For Companies Running Hybrid Cloud Environments »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Materna Radar Cyber Security

Materna Radar Cyber Security

Radar Cyber Security is the only European supplier of Managed Detection & Response who provides its services based on inhouse developed technology.

S2 Grupo

S2 Grupo

S2 Grupo is the benchmark company in Europe and Latin America, for Cyber Intelligence and mission critical systems operations.

Flexera

Flexera

Flexera is reimagining the way software is bought, sold, managed and secured.

Simeio Solutions

Simeio Solutions

Simeio is a complete Identity and Access Management (IAM) solution provider that engages securely with anyone, anywhere, anytime.

Threat Intelligence

Threat Intelligence

Threat Intelligence is a specialist security company providing penetration testing, threat intelligence, incident response and training services.

TruSTAR Technology

TruSTAR Technology

TruSTAR is a threat intelligence exchange platform built to protect and incentivize information sharing.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

ALSCO

ALSCO

ALSCO is dedicated to bringing first class IT services, technical support, and solutions to goverment, companies and organizations worldwide.

StrongBox IT

StrongBox IT

Strongbox IT provides solutions to secure web applications and infrastructure.

DarkFeed

DarkFeed

DarkFeed is a Threat Intelligence provider that monitors the darknet in real-time, where hackers and Cyber criminals are most active.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

SoConnect

SoConnect

SoConnect provides safe, secured, and taken care of IT, with infrastructure built around you and your business.