Tiago Pereira and Caitlin Huey of Cisco Talos reported that “BlackCat appears to be a case of vertical business expansion .In essence, it’s a way to gain control of the upstream supply chain by making a key service to their business (the RaaS operator) better suited to their needs and adding another source of revenue.”
An examination of two ransomware attacks revealed overlaps in the tactics, techniques and procedures (TTPs) used by BlackCat and BlackMatter indicating a close relationship between the two groups.
BlackCat first appeared in November 2021 and has since targeted several organisations around the world in recent months. It has been compared to BlackMatter, a short-lived ransomware family that arose from DarkSide and gained notoriety for its high-profile attack on Colonial Pipeline in May 2021.
While it is common for ransomware groups to rebrand in response to increased visibility into their attacks, BlackCat (aka Alphv) represents a new frontier in that the cyber crime cartel is made up of affiliates of other ransomware-as-a-service (RaaS) operations.
“In part, we are all connected to gandrevil, blackside , mazegreggor, lockbit, and other companies because we are adverts ,” the unnamed representative was quoted as saying. “We took their benefits and eliminated their drawbacks.”
The cybersecurity firm noted a number of similarities between a BlackMatter attack in September 2021 and a BlackCat attack in December 2021, including the tools and file names used, as well as a domain used to maintain persistent access to the target network.
Finally the researchers concluded that ,” The findings come as BlackBerry revealed LokiLocker, a new.NET-based ransomware family that not only encrypts files but also includes an optional wiper functionality that is designed to erase all non-system files and overwrite the master boot record (MBR) if a victim does not pay up within a specified timeframe. LokiLocker operates as a limited-access ransomware-as-a-service scheme that appears to be sold behind closed doors to a relatively small number of carefully vetted affiliates,“