An Investigation of the BlackCat Ransomware via Trend Micro Vision One

Trend Micro


By: Lucas Silva, Leandro Froes (April 18, 2022)

We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model. Our data indicates that BlackCat is primarily delivered via third-party frameworks and toolsets (for example, Cobalt Strike) and uses exploitation of exposed and vulnerable applications (for example, Microsoft Exchange Server) as an entry point. 

BlackCat has versions that work on both Windows and Linux operating systems and in VMware’s ESXi environment. In this incident, we identified the

Read More: https://www.trendmicro.com/en_us/research/22/d/an-investigation-of-the-blackcat-ransomware.html