BlackCat – aka AlphaVM & AlphaV – is a ransomware family that is deployed as part of a Ransomware-as-a-Service (RaaS) operation. It is written in the Rust programming language and can run on Windows, Linux-based operating systems (Debian, Ubuntu, ReadyNAS, Synology), and VMware ESXi.
This ransomware first appeared in November 2021. The majority of the group’s victims have been in the United States, although BlackCat and its associates have also targeted organizations in Europe, the Philippines, and other regions. The sectors targeted by BlackCat include construction and engineering, retail, transportation, commercial services, insurance, machinery, professional services, telecommunication, auto components, and medicines. The ransomware can be set to encrypt files using either the AES or ChaCha20 algorithm. To maximize the quantity of ransomed data, it can destroy volume shadow copies, terminate programs and services, and stop virtual machines on ESXi servers.
Researchers have seen a notable rise in the ransom amounts demanded by the BlackCat group. The group competes with other renowned ransomware operations such as Conti and LockBit 3.0. It has included a sophisticated search feature covering stolen victim passwords and private documents exposed on the Tor network.
Based on recently compromised victims in the Nordic region (not yet publicized by the group), the sum to be paid surpasses $2 million. One of the strategies employed offers a discount of about 50% when the victim is willing to pay. The average ransom demand made by BlackCat has climbed to $2.5 million.
According to the most recent forecast, worldwide ransomware extortion activities will reach $265 billion by 2031, and business losses will top $10.5 trillion globally. These statistics show that ransomware is the largest shadow economy on the globe, as it is producing more financial losses than natural catastrophes.