"Ransomware: Alphv/BlackCat Is DarkSide/BlackMatter Reboot"

Security researchers have discovered that the ransomware operation Alphv, also known as BlackCat, is a reboot of the DarkSide/BlackMatter ransomware group. According to a threat analyst at the security firm Emsisoft, Alphv/BlackCat claims to be made up of former DarkSide/BlackMatter affiliates. However, Alphv/BlackCat is more likely to be a rebrand of DarkSide/BlackMatter attempting to distance itself from that brand because of the reputational damage it faced after making an error that cost affiliates millions of dollars. Alphv/BlackCat follows the Ransomware-as-a-Service (RaaS) business model, in which operators or administrators build and maintain the ransomware. Affiliates, which are pre-vetted business partners, can download a personalized version of the crypto-locking malware through a Tor-based portal and then use it in their own attacks. Palo Alto Networks' threat intelligence team, Unit 42, says the affiliates are promised an 80 to 90 percent cut of every ransom payment, with the remaining amount going to the operators. Although Alphv/BlackCat appears to be a DarkSide/BlackMatter reboot, it has made some significant mistakes, such as its malware being used in an attack against Colonial Pipeline Co. last year that shut down the largest gasoline pipeline in the US for several days, sparking a political storm. This article continues to discuss the Alphv/BlackCat ransomware gang's connection to DarkSide/BlackMatter, the mistakes made by the ransomware group, and Alphv/BlackCat's growing list of victims.

FraudToday reports "Ransomware: Alphv/BlackCat Is DarkSide/BlackMatter Reboot"
