The BlackCat ransomware group, also known as ALPHV, has developed a new approach to compel victims to pay the ransom. To increase the pressure, the group began releasing victims’ data on the clear web. The public availability of stolen data increases the potential impact on victims.
BlackCat is a ransomware family deployed as part of a Ransomware-as-a-Service (RaaS) operation. It first appeared in November 2021. The program is written in the Rust programming language and can run on Windows, Linux-based operating systems (Debian, Ubuntu, ReadyNAS, Synology), and VMware ESXi. The majority of the group’s victims have been in the United States, although BlackCat and its associates have also targeted organizations in Europe, the Philippines, and other regions. The ransomware can be configured to encrypt files using either the AES or ChaCha20 algorithm. It can destroy volume shadow copies, terminate programs and services, and stop virtual machines on ESXi servers to maximize the quantity of ransomed data. Experts have speculated that the creator of BlackCat was previously involved with the REvil ransomware activities. The group uses a double-extortion model, threatening to release the stolen information if victims do not pay.
Ransomware groups are always modifying their strategies to put more pressure on victims. To compel victims to pay, they either expose chunks of the stolen material or send emails to customers and workers informing them that their personal information has been taken. These extortion methods do not always succeed, however, and corporations simply refuse to pay.
The purpose of this website is clear: to frighten victims into paying the demanded ransom as the only way to have their data removed from the site.