BlackBerry Blog

BlackCat Ransomware: Watch BlackBerry Defeat It (Video)

BlackCat ransomware is on the prowl and expanding its attack territory. It has now compromised more than 60 organizations worldwide and this number is likely to grow.

The threat group behind BlackCat, known as ALPHV, recently began offering its malware in the ransomware-as-a-service (RaaS) marketplace, where threat actors can buy subscriptions to the malware and use it to launch their own ransomware campaigns.

This decision to expand BlackCat’s availability beyond ALPHV obscures the group’s presence on any given network or endpoint, while simultaneously growing its reputation and revenue. When other cybercriminals (the subscribers) use BlackCat RaaS, it becomes difficult to determine whether a detected attack is directly attributable to ALPHV. Additionally, third-party threat actors who use BlackCat as a service provide an extra source of profit for the malware authors.

BlackCat shares proximity with the BlackMatter and DarkSide groups, who famously breached U.S. energy distributor Colonial Pipeline in May 2021, causing widespread gasoline shortages and price increases. Many malware developers behind that attack support BlackCat, as well.

The RaaS version of this threat is based on the Rust programming language, which allows the threat operator to maintain a single code base that can be used on various operating systems. BlackCat is also highly versatile and can be used as ransomware or wiper malware, based on different execution paths. The tool can simultaneously exfiltrate and encrypt files for ransom in so-called “double extortion” attacks.

See how BlackBerry prevents BlackCat attacks in our demo video below, which shows CylancePROTECT® going head-to-head with a live sample of BlackCat ransomware.

DEMO VIDEO: BlackBerry vs. BlackCat Ransomware
 
Learn more about BlackCat ransomware in our deep-dive blog, Threat Thursday: BlackCat Slinks Out of the Shadows with Ransomware-as-a-Service
 
Figure 1 – In the demo video above, two recent samples of BlackCat ransomware are tested against a system guarded by CylancePROTECT.
 
Figure 2 – CylancePROTECT stops BlackCat immediately, preventing the attack before it occurs.
 

BlackBerry Protects Against BlackCat Ransomware

CylancePROTECT® provides automated malware prevention, application and script control, memory protection, and device policy enforcement. This AI-based Endpoint Protection Platform (EPP) blocks cyberattacks and provides controls for safeguarding against sophisticated threats—no human intervention, internet connections, signature files, heuristics, or sandboxes required.

BlackBerry Assistance

The BlackBerry Incident Response team can work with organizations of any size and across any vertical to evaluate and enhance their endpoint security posture and proactively maintain the security, integrity, and resilience of their network infrastructure.

For emergency assistance, please email us at DLIR@blackberry.com, or use our handraiser form.

Video Transcript

In this video, we are going to assess the Temporal Predictive Advantage that CylancePROTECT® has against BlackCat, the new ransomware-as-a-service (RaaS) based on the Rust programming language. BlackCat has compromised more than 60 organizations at the time of this recording.

To conduct this test, we have prepared a system with a CylancePROTECT engine from October 2015, with no internet connectivity or operating system updates since 2016. We have two BlackCat samples shared by the FBI in a recent warning. Let’s copy them to our test system.

If we try to execute these files, we will see how our machine learning models are able to predict and prevent the attack, pre-execution.

Prevention is possible with BlackBerry.

 

Hector Diaz

About Hector Diaz

Senior Technical Marketing Manager at BlackBerry

Hector Diaz is a Senior Technical Marketing Manager for Latin America and the Caribbean at BlackBerry. Hector works with Engineering and Product Management to translate technology concepts into digestible pieces, evangelizing and educating people about Artificial Intelligence (AI) applied to cybersecurity.

With over 15 years of experience in cybersecurity, Hector is a respected professional who is in demand at trade shows, partner training and customer engagements across Latin America and the Caribbean region.


Kalila Papanikolas

About Kalila Papanikolas

Kalila Papanikolas is an Editorial Intern at BlackBerry.