"BlackCat Ransomware's Data Exfiltration Tool Gets an Upgrade"

The BlackCat ransomware, also known as ALPHV, is still evolving, and the latest example is a new version of the gang's data exfiltration tool used in double-extortion attacks. BlackCat is a Ransomware-as-a-Service (RaaS) operation considered a successor to Darkside and BlackMatter. It is one of the most sophisticated and technically advanced RaaS operations. Symantec security researchers report that the creator of BlackCat, the first Rust-based ransomware strain, is constantly enhancing the malware with new features. Recently, the focus appears to have shifted to the tool used for data exfiltration from compromised systems, which is required for conducting double-extortion attacks. The tool, called "Exmatter," has been in use since BlackCat's launch in November 2021 and was heavily updated in August 2022. The update adds File Transfer Protocol (FTP) as an exfiltration option in addition to SSH File Transfer Protocol (SFTP) and WebDAV, offers an option to build a report listing all processed files, and more. In addition to expanded capabilities, the latest Exmatter version has undergone extensive code refactoring to implement existing features more stealthily in order to avoid detection. The deployment of a new malware called "Eamfo," which explicitly targets credentials stored in Veeam backups, is another recent addition to BlackCat's information-stealing ability. This article continues to discuss BlackCat's new version of its data exfiltration tool used for double-extortion attacks.

Bleeping Computer reports "BlackCat Ransomware's Data Exfiltration Tool Gets an Upgrade"

Submitted by Anonymous on