BlackCat (also known as ALPHV) is a ransomware-as-a-service (RaaS) operation first publicly reported in December 2021. It stands apart from other ransomware campaigns in several respects, most visibly in being the first major RaaS payload written in Rust.
Ransomware-as-a-Service is a criminal business model with a parent/affiliate structure: the operators (who write and maintain the malware, the leak site and the payment infrastructure) lease the tooling to affiliates (their customers), who carry out the intrusions and deploy the ransomware in exchange for a share of the ransom.
What Is ALPHV/BlackCat Ransomware?
The ransomware is entirely command-line driven and human-operated, and it is highly configurable: the operator chooses the encryption mode and cipher, can spread the payload to other hosts on the network, can terminate VMware ESXi virtual machines, and can delete ESXi snapshots so that the encrypted datastores cannot be rolled back.
Each ALPHV executable carries an embedded JSON configuration that defines the extension appended to encrypted files, the ransom note file name and text, how files are encrypted (mode and cipher), the directories, file names and extensions to skip, and the services and processes that are terminated before encryption begins. Two operational details matter for defenders: the configuration also holds credentials the affiliate harvested for lateral movement, and the sample will not decrypt its configuration or run at all without the per-victim access token passed on the command line (the --access-token argument), so a binary recovered from disk does not detonate in a sandbox unless the token is also recovered from command-line or EDR telemetry.
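To make the configuration concrete, below is an added triage helper (not code from the original page, and not the ransomware authors' code) that parses a decrypted configuration in the shape described above and turns it into defensive output: which destructive features the affiliate enabled, which service and process names to hunt for in mass-termination events, and whether a given path would be skipped under the exclusion lists. The key names follow those reported in public analyses of extracted BlackCat configs; the sample document itself, and every value in it, is constructed for illustration. The path check approximates the exclusion-list semantics and is not a reproduction of the binary's exact matching logic.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of a decrypted ALPHV/BlackCat configuration.
# Key names follow public reporting on extracted configs; all values are made up.
SAMPLE_CONFIG = r'''
{
  "config_id": "",
  "public_key": "BASE64_PLACEHOLDER",
  "extension": "rdfx1",
  "note_file_name": "RECOVER-${EXTENSION}-FILES.txt",
  "note_full_text": ">> What happened?\nImportant files on your network were ENCRYPTED...",
  "default_file_mode": "Auto",
  "default_file_cipher": "Best",
  "credentials": [["CORP\\svc_backup", "Summer2021!"]],
  "kill_services": ["mepocs", "memtas", "veeam", "svc$", "backup", "sql", "vss"],
  "kill_processes": ["agntsvc", "dbeng50", "sqlservr", "excel", "outlook", "winword"],
  "exclude_directory_names": ["system volume information", "windows", "$recycle.bin", "boot"],
  "exclude_file_names": ["desktop.ini", "autorun.inf", "ntldr", "bootsect.bak", "thumbs.db"],
  "exclude_file_extensions": ["exe", "dll", "sys", "msi", "lnk", "ini"],
  "exclude_file_path_wildcard": [],
  "enable_network_discovery": true,
  "enable_self_propagation": true,
  "enable_set_wallpaper": true,
  "enable_esxi_vm_kill": true,
  "enable_esxi_vm_snapshot_kill": true,
  "strict_include_paths": [],
  "esxi_vm_kill_exclude": []
}
'''


def load_config(text: str) -> Dict:
    """Parse a decrypted configuration document (plain JSON once the access token has been applied)."""
    return json.loads(text)


def capability_flags(cfg: Dict) -> List[str]:
    """Return the enable_* switches the affiliate turned on, i.e. the optional destructive behaviours."""
    return sorted(k for k, v in cfg.items() if k.startswith("enable_") and v is True)


def hunting_terms(cfg: Dict) -> Dict[str, List[str]]:
    """Collect the service and process name substrings the payload kills before encrypting.
    Useful as seed terms for a detection on bursts of service stops / process terminations."""
    return {
        "services": sorted(set(cfg.get("kill_services", []))),
        "processes": sorted(set(cfg.get("kill_processes", []))),
        "harvested_credentials": len(cfg.get("credentials", [])),
    }


def would_encrypt(cfg: Dict, path: str) -> bool:
    """Approximate the exclusion rules: skip a file if any directory component is an excluded
    directory name, if its file name is excluded, or if its extension is excluded.
    If strict_include_paths is non-empty, only files under one of those prefixes are candidates.
    This mirrors the semantics of the lists, not the binary's exact matching code."""
    norm = path.replace("\\", "/").lower()
    parts = [p for p in norm.split("/") if p]
    if not parts:
        return False
    strict = [p.replace("\\", "/").lower().rstrip("/") for p in cfg.get("strict_include_paths", [])]
    if strict and not any(norm.startswith(s + "/") or norm == s for s in strict):
        return False
    name, dirs = parts[-1], parts[:-1]
    excl_dirs = {d.lower() for d in cfg.get("exclude_directory_names", [])}
    if any(d in excl_dirs for d in dirs):
        return False
    if name in {f.lower() for f in cfg.get("exclude_file_names", [])}:
        return False
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    if ext in {e.lower().lstrip(".") for e in cfg.get("exclude_file_extensions", [])}:
        return False
    return True


CFG = load_config(SAMPLE_CONFIG)

if __name__ == "__main__":
    print("enabled capabilities:", capability_flags(CFG))
    print("hunting terms:", hunting_terms(CFG))
    for p in [r"C:\Users\alice\Documents\q3.xlsx", r"C:\Windows\System32\drivers\etc\hosts",
              r"D:\share\setup.exe", r"D:\share\Thumbs.db"]:
        print(f"{p}: {'ENCRYPTED' if would_encrypt(CFG, p) else 'skipped'}")
```

Running it against a real extracted configuration instead of the constructed sample gives an incident responder three things quickly: the credentials that must be rotated, the ESXi and propagation switches that tell you how far the blast radius was intended to reach, and the kill lists that explain why backup and database services stopped shortly before the encryption timestamps.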
Rust is chosen as a modern cross-platform low-level programming language. In the console command, the project name is alphv-N(ext)G(eneration). We have made a truly new product, with a new look and approach that meets modern requirements for both a RaaS solution and high-class commercial software.
The BlackCat ransomware gang, also known as ALPHV,