
FBI sounds the alarm over virulent new ransomware strain


A virulent new ransomware strain has infected at least 60 different organizations in the last two months, the FBI has warned.

In a Flash report published late last week, the agency said that BlackCat, a known ransomware-as-a-service actor, compromised these organizations using a strain written in Rust.

This is somewhat unusual, given that most ransomware is written in C or C++. However, the FBI believes these particular threat actors opted for Rust because it is considered a “more secure programming language that offers improved performance and reliable concurrent processing.”


Mitigations and defenses

BlackCat, also known as ALPHV, usually demands payment in Bitcoin and Monero in exchange for the decryption key, and, although its demands are usually “in the millions”, it has often accepted payments below the initial demand, the FBI says.

BlackCat also has strong ties to DarkSide (aka BlackMatter), the FBI further explains, which suggests the group has “extensive networks and experience” in operating malware and ransomware attacks.

The attack usually starts with an already compromised account, which gives the attackers initial access to the target endpoint. The group then compromises Active Directory user and administrator accounts, and uses Windows Task Scheduler to configure malicious Group Policy Objects (GPOs), to deploy the ransomware.

Initial deployment uses PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim’s network.

The attackers are then said to exfiltrate as much data as possible before locking up the systems, including data held with any cloud hosting providers the victim uses.

Finally, with the help of Windows scripting, the group seeks to deploy ransomware onto additional hosts.

The FBI has also published a comprehensive list of recommended mitigations, which includes reviewing domain controllers, servers, workstations and Active Directory for new or unrecognized user accounts; regularly backing up data; reviewing Task Scheduler for unrecognized scheduled tasks; and requiring admin credentials for any software installation process.
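As an added illustration of those review steps (example code written for this post, not part of the FBI report or any vendor tooling), the following PowerShell script lists scheduled tasks outside the built-in Microsoft tree, domain accounts created recently, and Group Policy Objects created or modified recently, which are the three places the deployment chain described above leaves traces. It assumes the ActiveDirectory and GroupPolicy RSAT modules are installed and that it runs under an account allowed to read AD and GPO metadata; the 14-day window is a constructed default.

```powershell
# Added triage helper; not from the FBI Flash report. Assumes the ActiveDirectory
# and GroupPolicy RSAT modules and a domain account with read access to both.
param([int]$Days = 14)   # constructed default review window

$cutoff = (Get-Date).AddDays(-$Days)

# 1. Scheduled tasks outside \Microsoft\, newest first, with the command each
#    one runs. A fresh task that launches a script is what the mitigation
#    "review Task Scheduler for unrecognized scheduled tasks" is looking for.
Write-Host "== Scheduled tasks not under \Microsoft\ =="
Get-ScheduledTask |
  Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
  ForEach-Object {
    $info = $_ | Get-ScheduledTaskInfo
    [pscustomobject]@{
      Task    = $_.TaskPath + $_.TaskName
      Author  = $_.Author
      Created = $_.Date
      LastRun = $info.LastRunTime
      Action  = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    }
  } | Sort-Object Created -Descending | Format-Table -AutoSize -Wrap

# 2. Domain accounts created inside the window, flagging any that already sit
#    in Domain Admins (extend the group list to match your own tiering).
Write-Host "== AD users created since $cutoff =="
$admins = Get-ADGroupMember 'Domain Admins' -Recursive |
  Select-Object -ExpandProperty SamAccountName
Get-ADUser -Filter { whenCreated -ge $cutoff } -Properties whenCreated |
  Select-Object SamAccountName, whenCreated,
    @{ n = 'DomainAdmin'; e = { $admins -contains $_.SamAccountName } } |
  Sort-Object whenCreated -Descending | Format-Table -AutoSize

# 3. GPOs created or modified inside the window. A new or changed GPO that
#    pushes a scheduled task to every host is the deployment step described
#    in the report, so each hit here deserves a look at its settings report.
Write-Host "== GPOs created/modified since $cutoff =="
Get-GPO -All |
  Where-Object { $_.CreationTime -ge $cutoff -or $_.ModificationTime -ge $cutoff } |
  Select-Object DisplayName, CreationTime, ModificationTime, Owner |
  Sort-Object ModificationTime -Descending | Format-Table -AutoSize
```

Run it on a domain controller or an admin workstation with RSAT, and compare the output against your change records; anything you cannot tie to a ticket is worth investigating rather than silently removing.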

Date

25 Apr 2022
