One Article Review

Source Fortinet ThreatSignal
Identifier 3846193
Publication date 2021-12-15 14:16:25 (seen: 2021-12-22 04:05:15)
Title Meet Blackcat: New Ransomware Written in Rust on the Block
Text FortiGuard Labs is aware of reports that a new ransomware called Blackcat, also known as ALPHV, was spotted in the wild. Blackcat is yet another ransomware-as-a-service (RaaS) that recruits affiliates for corporate intrusions, encrypting files on the victim's network and stealing confidential files from it in order to extort a ransom. The ransomware could be the first malware written in the Rust programming language.

Why is this Significant?

This is significant as Blackcat (ALPHV) is a new ransomware that has reportedly claimed victims already. Because it is a RaaS, it recruits affiliates, some of which may already have access to corporate networks. Also, this ransomware could be the first malware written in the Rust programming language.

What is Blackcat (ALPHV) Ransomware?

According to BleepingComputer, Blackcat ransomware was recently advertised on Russian-speaking hacking forums. The ransomware "is entirely command-line driven, human-operated, and highly configurable, with the ability to use different encryption routines, spread between computers, kill virtual machines and ESXi VMs, and automatically wipe ESXi snapshots to prevent recovery".

Before encrypting files on the compromised machine, the ransomware terminates processes and Windows services to ensure targeted files are not locked. It also steals files from the affected machine. The attacker then demands a ransom in Bitcoin or Monero from the victim in exchange for decrypting the files and not releasing the stolen files to the public. Reportedly, the attacker also demands a ransom for not launching a Distributed Denial of Service (DDoS) attack against the victim.

The infection vector for Blackcat ransomware varies from affiliate to affiliate. Typically, ransomware is deployed by another malware delivered via email, through the exploitation of vulnerabilities, or over unsecured Remote Desktop Protocol (RDP) connections.

What is Rust?

Rust is a programming language that was developed at Mozilla as an alternative to C/C++. Rust is designed with safety and efficient resource management in mind. It aims to offer all the functionality of C and the resource management of Java without the inherent memory security risks of the former and the performance issues of the latter. In February 2021, the Rust Foundation was founded as a non-profit organization whose primary focus is "to steward the Rust programming language and ecosystem, with a unique focus on supporting the set of maintainers that govern and develop the project".

What is the Status of Coverage?

FortiGuard Labs provides the following AV coverage against Blackcat (ALPHV) ransomware:
W32/Filecoder.OJP!tr
W32/PossibleThreat
Sent Yes
Tags Ransomware Malware


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.