FBI Issues Warning About BlackCat Ransomware Operation

HIPAA Journal

Steve Alder

The Federal Bureau of Investigation (FBI) has issued a TLP: WHITE flash alert about the BlackCat ransomware-as-a-service (RaaS) operation. BlackCat, also known as ALPHAV, was launched in November 2021. It was launched shortly after the shutdown of the BlackMatter ransomware operation, which was a rebrand of DarkSide. Darkside was behind the ransomware attack on the Colonial Pipeline. A member of the operation has claimed they are a former affiliate of BlackMatter/DarkSide that branched out on their own. However, it is more likely that BlackCat is simply a rebrand of BlackMatter/DarkSide.

The FBI said many of the developers and money launderers involved with the BlackCat operation have been linked to DarkSide/BlackMatter, which indicates they have extensive networks and considerable experience with running RaaS operations. The BlackCat RaaS operation has not been active for long, but the group has already claimed at least 60 victims worldwide. BlackCat typically targets large organizations and demands ransom payments of several million dollars in Bitcoin or Monero, although the group does appear willing to negotiate payments with victims.

Unusually for ransomware, it is...

Get the Morning Update

Thanks for subscribing!