The Black Cat Ransomware gang, aka ALPHV, confirmed that they were earlier associated with the infamous BlackMatter/DarkSide ransomware campaign. ALPHV/Black Cat is the latest ransomware operation launched last year in November and built in the Rust programming language, which is rare for ransomware attacks. The ransomware can be customized, via different encryption methods and options that allow attacks on a variety of corporate organizations.
The ransomware group identifies itself as ALPHV, however, MalwareHunterTeam, a cybersecurity firm, calls the ransomware as Black Cat, because a black cat image is shown on the target's Tor payment page. The ransomware campaigns often run as Ransomware as a Service (RaaS,) where the core team develops ransomware attacks and manages servers, and adverts ( affiliates) are hired to compromise corporate networks and organize attack campaigns. In this sort of assignment, the core team earns around 10-30% of ransomware payment, and the affiliate earns the rest.
The earnings depend on how much ransom is brought by different affiliates in the campaign. The past has experienced many RaaS operations, where top-level hacking groups, when shut down by the government, resurface with a new name. These include- GandCrab to Revil, Maze to Egregor, and DarkSide to BlackMatter. Few believe that Conti resurfaced as Ruk, however, experts believe these two operate separately under the TrickBot group and are not affiliated with each other.
Meanwhile few affiliates team up with a single RaaS campaign, it is also common for affiliates to work with multiple hacking groups. "While the BlackCat ransomware operators claim that they were only DarkSide/BlackMatter affiliates who launched their own ransomware operation, some security researchers are not buying it. Emsisoft threat analyst Brett Callow believes BlackMatter replaced their dev team after Emsisoft exploited a weakness allowing victims to recover their files for free and losing the ransomware gang millions of dollars in ransoms," reports Bleeping Computer.
