Cisco Talos reports that BlackCat (aka ALPHV), the notorious Ransomware-as-a-Service (RaaS) group, has been present in the cyber threat landscape since November 2021. The threat group has since compromised many companies globally, with over 30% of them based in the US. BlackCat was initially thought to be a rebrand of the BlackMatter and DarkSide ransomware groups, but this was identified to be false. In an interview conducted by Recorded Future, a BlackCat representative shared that the group consists of many affiliates, some of them from BlackMatter and DarkSide. From its analysis of BlackCat's campaigns in September and December, which showed overlaps in TTPs, Cisco Talos identified an attack flow. As stated by Cisco Talos: "In terms of attack flow, the attacks were similar to other human-operated ransomware attacks: initial compromise, followed by an exploration and data exfiltration phase, then attack preparation and finally, the attack execution."


