Kaspersky Serves Up Details On The BlackCat Ransomware Group

Kaspersky may be a company that is under some degree of pressure at the moment. But that hasn’t stopped them from uncovering new threats. Kaspersky threat researchers today published a blog post detailing the BlackCat ransomware group and their efforts to target industrial companies. In addition, Kaspersky has found links between the teams of BlackCat, ALPHV, Noberus and BlackMatter. These teams have used a data exfiltration tool called Fendr and ExMatter to target oil, gas, mining, construction and industrial sites.

Just lovely.

Saryu Nayyar, CEO and Founder, Gurucul, had this comment:

“Threat actor groups are now sharing methods and colluding to target organizations, in this case, industrial and critical infrastructure for stealing design information, but also information on controls, presumably to find those systems and cause potential damage or encrypt key files as part of a subsequent ransomware campaign. This shows that attackers are implementing different tactics and techniques, even when using known tools like Fendr for malicious purposes. Current XDR and SIEM solutions, primarily using rule-based ML/AI, will be hard pressed to detect these attacks out of the gate, leaving too many systems widely exposed to threat actors. Organizations must be enabled to ingest more telemetry from even proprietary industrial machines and apply advanced analytics with self-trained machine learning models to stay ahead of ever-changing variants and attack methods that evade defenses and current security operations tools easily. Threat actors partnering in their efforts makes it critical that organizations push the envelope in moving past most vendor claims to evaluate solutions that are best of breed in their capabilities and customizable as IT and security needs evolve.”

There seems to be a never-ending stream of these groups going after the targets of their choice. That means that you need to be on point with your security strategy along with your incident response should it come to that.
