A team of security researchers from the MalwareHunter Team and Recorded Future has discovered the third ransomware developed in the RUST programming language named ALPHV or BlackCat.
After the release of the PoC strain, that uses Rust language for ransomware on GitHub in 2020 BlackCat is the first professional ransomware group to use Rust. ALPHV (BlackCat) is the first one to be created and deployed in the wild by what looks to be a professional cybercrime cartel.
According to the Recorded Future analysts, ALPHV (BlackCat) author was previously involved with the infamous REvil ransomware cartel in some sort of capacity. Following REvil’s model, since early December, this individual—also going by the name of ALPHV—has been advertising a Ransomware-as-a-Service (RaaS) of the same name on two underground cybercrime forums (XSS and Exploit), inviting others to join and launch attacks against large companies to extract ransom payments they can then divide. Those who apply, known as “affiliates,” receive a version of the ALPHV (BlackCat) ransomware they can use in attacks.
According to the MalwareHunter Team, currently, ALPHV is in the early stage of operations and they have only a handful of the victims that have been identified to date. The researcher didn't have the BlackCat gang's initial entry vector, but when the gang breach the network they search and steal sensitive files and then encrypt local systems.
As BlackCat has a handful number of victims, they host the data of one or two victims in multiple leak sites and create new sites for new attacks.
Michael Gillespie, a malware analyst at Emsisoft and the author of tens of ransomware decryption utilities has mentioned the BlackCat as very sophisticated ransomware.
Other than BlackCat, BuerLoader, and FickerStealer ransomware developers have stepped up to use Rust as it is considered a much secure programming language compared to C and C++.