Details have emerged about the first Rust-based ransomware strain spotted in the wild, which has already amassed “some victims from different countries” since its launch last month.
The ransomware, dubbed BlackCat, was disclosed by MalwareHunterTeam. “Victims can pay with Bitcoin or Monero,” the researchers said in a series of tweets detailing the file-encrypting malware. “Also looks they are giving credentials to intermediaries” for negotiations.
BlackCat, like many other variants that have sprung up before it, operates as ransomware-as-a-service (RaaS): the core developers recruit affiliates to breach corporate environments and encrypt files, but not before stealing those documents. This double extortion scheme pressures targets into paying the requested amount or risking exposure of the stolen data should they refuse to pay up.
Security researcher Michael Gillespie called it a “very sophisticated ransomware.”
In a separate analysis of BlackCat, South Korean cybersecurity company S2W said that, like other RaaS programs, the ransomware carries out its malicious actions by referring to an internal configuration. S2W also called out its similarities with BlackMatter, another ransomware that emerged from the ashes of DarkSide in July only to sunset its activities in early November.