ALPHV (aka BlackCat), the first professional ransomware strain written in the Rust programming language, was discovered by malware researchers from Recorded Future and MalwareHunterTeam.
Other ransomware was written in Rust for research purposes in the past; one of them was published on GitHub in 2020, and the second is a now-defunct strain called BadBeeTeam.
Unlike other malware, ALPHV (BlackCat) is the first Rust ransomware used in real-world attacks by a cybercrime organisation. BlackCat can attack Windows, Linux and VMware ESXi systems, but the number of victims is currently limited.
Michael Gillespie, a well-known malware researcher, described the BlackCat ransomware as “very sophisticated.”
Experts believe the author of the BlackCat ransomware, known as ALPHV, was previously involved in the REvil ransomware operations.
Since early December, ALPHV has been advertising the BlackCat Ransomware-as-a-Service (RaaS) on the cybercrime forums XSS and Exploit. The gang, like other ransomware groups, uses a double-extortion model, threatening to leak the stolen data if victims do not pay.
ALPHV is trying to recruit affiliates for its operations, offering them between 80% and 90% of the final ransom, depending on its value. At this time, the BlackCat operations have only claimed a small number of victims in the United States, Australia, and India.
Ransom demands range from a few hundred thousand dollars to $3 in Bitcoin or Monero.
Finally, the researchers concluded that the ransomware gang operates multiple leak sites, each of which hosts the data of a couple of victims. This implies that each affiliate has its own leak site.