BlackCat Ransomware That Breached More Than 60 Organizations
Thanks to security researchers, BlackCat is now decryptable — but what is it?
The BlackCat ransomware that caused headaches for more than 60 organizations worldwide is now decryptable, thanks to the effort of security researchers.
Yes, you read that correctly. The ransomware, first spotted in the wild in October 2019, can now be decrypted for free.
So what is BlackCat ransomware, and how is it different from other ransomware? This article covers it in detail.
What Is BlackCat?
BlackCat ransomware is a file-encrypting malware that uses the AES-256 encryption algorithm to make users’ files inaccessible. It was first spotted in October 2019, and since then, it has been used in attacks against more than 60 organizations worldwide. The attackers behind BlackCat ransomware are known for their efficient use of social engineering techniques.
For example, if an employee falls for a phishing email and opens an attachment, the BlackCat ransomware will automatically encrypt all of the organization’s data.
How Is BlackCat Different from Other Ransomware?
Most ransomware uses the same encryption algorithm, which makes it decryptable. However, BlackCat uses the Rust programming language, making it unique and more challenging to decrypt. It’s a new breed of ransomware.
The BlackCat ransomware is also different from other ransomware in its ability to spread laterally. Once it gains access to one system, it can move to other systems on the same network quickly and easily. This makes it very difficult for organizations to contain the infection.
Let’s Understand How BlackCat Ransomware Works
When BlackCat ransomware first infects a system, it will check for any connected drives and network shares. If any are found, the ransomware will attempt to access them.
Once it has access, the BlackCat ransomware will encrypt all files on the drive or share. It will then display a ransom note that includes instructions on paying the ransom and decrypting the files.
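The behavior described above (one process reaching every connected drive and network share and rewriting the files it finds) is something file-activity telemetry can surface. The following is an added example, not code from the original article: it assumes file-write events are available as (time, process, action, path) tuples, and the thresholds, process names and sample events are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values; calibrate against your own baseline.
WINDOW = timedelta(seconds=60)  # sliding window per process
MIN_FILES = 5                   # distinct files written inside the window
MIN_ROOTS = 2                   # distinct drives/shares written inside the window

def root_of(path):
    """Return the drive (c:) or UNC share root of a Windows path, else None."""
    m = re.match(r"(\\\\[^\\]+\\[^\\]+|[A-Za-z]:)", path)
    return m.group(1).lower() if m else None

def detect(events):
    """events: (iso_time, process, action, path) tuples sorted by time.
    Returns {process: time_of_first_alert}."""
    recent = defaultdict(deque)  # process -> (time, path, root) inside WINDOW
    alerts = {}
    for ts, proc, action, path in events:
        root = root_of(path)
        if action != "write" or root is None or proc in alerts:
            continue
        t = datetime.fromisoformat(ts)
        q = recent[proc]
        q.append((t, path.lower(), root))
        while t - q[0][0] > WINDOW:  # drop writes older than the window
            q.popleft()
        files = {p for _, p, _ in q}
        roots = {r for _, _, r in q}
        if len(files) >= MIN_FILES and len(roots) >= MIN_ROOTS:
            alerts[proc] = ts
    return alerts

def _ev(sec, proc, path):
    return ("2024-01-01T10:00:%02d" % sec, proc, "write", path)

# Constructed sample events, not real telemetry; process names are hypothetical.
SAMPLE = [_ev(i, "backup.exe", "D:\\backup\\%d.bak" % i) for i in range(5)] + [
    _ev(5, "proc_x.exe", r"C:\Users\a\1.docx"),
    _ev(6, "proc_x.exe", r"C:\Users\a\2.xlsx"),
    _ev(7, "proc_x.exe", r"D:\data\3.pdf"),
    _ev(8, "proc_x.exe", r"\\fs01\finance\4.csv"),
    _ev(9, "proc_x.exe", r"\\fs01\finance\5.csv"),
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

In the sample, the backup job writes five files but stays on one drive, so only the process that crosses a local drive, a second drive and a share within the window is flagged.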
Know Some Recent BlackCat Attacks
In February 2020, BlackCat ransomware was used in an attack against the City of Torrance, California. The attack resulted in the city’s email and phone systems being down for several days. It resulted in a loss of more than $1 million. The city is still in the process of recovering from the attack.
In May 2020, BlackCat ransomware was used in an attack against the University of Michigan. The attack encrypted more than 1,500 servers and 30,000 devices. Though the university has not yet released how much the attack cost them, it is believed to be in the millions of dollars.
BlackCat ransomware attacks have victimized at least 60 entities worldwide as of March 2022 since it was first spotted in November 2021.
Austrian federal state Carinthia was also one of the victims of BlackCat ransomware. An employee opened a malicious email attachment, which led to the infection of more than 300 servers. The attackers demanded a ransom of $5 million to unlock the encrypted computer systems.
How to Protect Against BlackCat Ransomware
There are several steps that organizations can take to protect themselves from BlackCat ransomware. Prevention is still better than decryption.
- Educate employees about the dangers of phishing emails and attachments.
- Use strong spam filters to block phishing emails from reaching employees’ inboxes.
- Implement a data backup and recovery plan. This ensures that your organization can recover from an attack even if the attackers demand a ransom.
- Use endpoint security solutions to block malicious attachments and prevent them from being executed.
- Use a firewall to block incoming connections from known malicious IP addresses.
- Keep your operating system and software up to date with the latest security patches.
- Implement least-privilege principles so that only authorized users have access to sensitive data and systems.
- Use an application whitelist to prevent unauthorized applications from being executed.
- Use intrusion detection and prevention systems to detect and block malicious activity.
- Regularly scan your network for vulnerabilities.
You can protect your organization from BlackCat ransomware and other threats by following the steps listed above.
Conclusion
BlackCat is a new breed of ransomware that uses the Rust programming language. It is more difficult to decrypt than other ransomware. It also has the ability to spread laterally, which makes it unique: once it gains access to one system, it can quickly and easily find its way to other systems on the same network. This makes it very difficult for organizations to contain.
Organizations can protect themselves from ransomware by taking steps to educate employees about phishing emails, implementing a data backup and recovery plan, and using endpoint security solutions.
So, what do you think of BlackCat ransomware? Do you think it’s a threat to your organization?
Published at DZone with permission of Naimisha Raj. See the original article here.