ALPHV (also known as BlackCat) is the first cybercriminal ransomware group to use malware written in the Rust programming language. The new malware is advertised on two underground forums and has already been used in real attacks.
As noted by researchers at Recorded Future and MalwareHunterTeam, ALPHV is technically the third ransomware written in Rust. The first was an experimental strain released on GitHub in 2020, and the second was the now-defunct BadBeeTeam malware, developed the same year.
Security experts suggest that the ALPHV developers were previously members of the REvil group. ALPHV operators advertised the eponymous ransomware-as-a-service (RaaS) on two underground forums (XSS and Exploit), inviting others to join ransomware attacks against large companies. Malware features include the ability to encrypt data on systems running Windows, Linux and VMware ESXi. Affiliates are offered 80% to 90% of the final ransom payment.
In line with the tactics of most of the major ransomware groups, ALPHV also engages in double extortion, using stolen data to pressure victims. The group presumably manages multiple leak sites, each containing the data of one or two victims.