First observed in mid-November 2021 by researchers from the MalwareHunterTeam, BlackCat (aka AlphaVM, AlphaV, or ALPHV) swiftly gained notoriety for being the first major professional ransomware family to be written in Rust, a cross-platform language that lets malicious actors easily customize malware for different operating systems such as Windows and Linux, thus putting a wide range of enterprise environments within their reach.
Since then, BlackCat ransomware has frequently made the headlines for its successive attacks on high-profile targets and its use of triple extortion, which has given the group a distinct competitive edge over other RaaS operators. Aside from exposing exfiltrated data, ransomware actors that use triple extortion threaten to launch distributed denial-of-service (DDoS) attacks on their victims’ infrastructure to coerce them into paying the ransom.
Given BlackCat’s reputation for sophisticated and unorthodox methods, the following reasons account for its rising popularity and expanding foothold in the criminal underground:
- BlackCat made its leak site public, thus making stolen information from its victims searchable and accessible.
- It offers its affiliates more substantial payouts, reaching as much as 90% of the paid ransom.
- It uses a private access key token to limit the access of external parties to the group’s negotiation site.
- Its method of incursion into the target organization varies according to the RaaS affiliate that deploys the ransomware payload.
- Security researchers discovered BlackCat’s use of the Emotet botnet to deploy its ransomware payload.