Contents:
The group of hackers ALPHV, also known as BlackCat, claimed to have stolen more than one terabyte of data from Conoframa, a French furniture distributor, in a claim note posted on the retail chain’s blog on November 6.
Conoframa had 48 hours starting on November 10 to get in touch with the ransom group to “have a chance to restore your data and safeguard your customers from the leak.”
The stolen material includes:
- Sensitive data.
- Financial records and reports.
- Customer credit card information.
- Marketing.
- Analytical and strategic documents.
- Logistics documents.
- Client personal data.
Additionally, it declared that it would tell all clients, partners, and suppliers of its usage of their financial data for unlawful reasons. Finally, BlackCat threatened to provide Conforama’s rivals access to all internal marketing and analytical data.
Its data breach site states, “This is the only chance they have to rescue their reputation, business, customers’ and partners’ data.”
The hackers posted a sample of the stolen internal documents on the Darknet to pressure the business. BlackCat provided more than a dozen corporate documents, essentially various commercial agreements, as evidence.
A Little Background on BlackCat
ALPHV, commonly known as BlackCat, first appeared in November 2021. Between November 2021 and March 2022, at least 60 businesses worldwide had their networks infiltrated by the BlackCat ransomware group.
BlackCat is written in Rust (Russian), a programming language that targets both Linux and Windows systems. According to cyber security experts, Rust is a far more secure programming language than C and C++. Because Rust is so secure, finding coding flaws is extremely difficult.
In addition, Rust makes it difficult for defenders to reverse-engineer the payloads or compare them to similar trends, which helps criminals evade detection by traditional security techniques.
BlackCat cartel is thought to have a network of agents in the ransomware industry since the FBI believes money launderers for the cartel are connected to the Darkside and Blackmatter ransomware cartels.
BlackCat is one of the ransomware groups that has recently been most active. ANOZR WAY, a cybersecurity analyst, estimates that in 2022, the organization was in charge of about 12% of all attacks.
Most recently, BlackCat ransomware attacked the University of Pisa too. Threat actors demanded that the university administration pay $4.5 million to release encrypted data.
Double & Triple Extorsion
Most people know double extortion as a technique used by ransomware gangs. Typically, ransomware gangs steal sensitive data before infecting networks and systems with ransomware. The stolen data is then used to blackmail the victims into paying the ransom. Finally, the threat actor will publish the stolen information on a data leak website if the ransom is not paid.
BlackCat, however, goes a step further by incorporating the third layer into their extortion model: a DDoS attack if the demanded ransom is not paid by the deadline. Researchers in cyber security are referring to the third layer as triple extortion.
Several organizations in various sectors and countries have already been victims of BlackCat cyberattacks, including “Australia, the Bahamas, France, and even Germany,” according to Pierre-Antoine Failly-Crawford.
Hackers typically demand between 400,000 and 3 million dollars in ransom, depending on the notoriety of the targeted companies and the amount of stolen data.
Conclusion
Ransomware remains one of the most predominant threats to organizations.
Therefore, regular supervision and industry-standard protection techniques are fundamental for businesses and employee awareness, as humans are usually the weakest link, whether it is a misconfiguration or social engineering attack, such as opening phishing emails with a malicious payload.
Now the question is, what better way to dodge the bullet than to prevent malicious cyberattacks?
Heimdal Threat Prevention may be your safest bet. Heimdal Threat Prevention also includes the industry’s most advanced DNS traffic-filtering technology. Additionally, by integrating DoH into the Threat Prevention Endpoint, Heimdal effectively allows organizations to be one step ahead of the curve and achieve a safer and more private manner of navigating the Internet.
If you liked this article and crave more cybersecurity knowledge, follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!
Gabriella is the Social Media Manager and Cybersecurity Communications Officer at Heimdal®, where she orchestrates the strategy and content creation for the company's social media channels. Her contributions amplify the brand's voice and foster a strong, engaging online community. Outside work, you can find her exploring the outdoors with her dog.
