The Federal Bureau of Investigation (FBI) released a FLASH alert on Tuesday, seeking information pertaining to the threat actor BlackCat. BlackCat has been previously linked to other ransomware-as-a-service groups that have since gone inactive. Information the FBI is looking for includes IP addresses, Bitcoin or Monero addresses and transaction IDs, communications, decryptor files, and a sample of an encrypted file. BlackCat was allegedly used in a January 2022 campaign that was conducted against two international oil companies located in Germany. In the advisory, the FBI also warns that the group has compromised roughly 60 entities worldwide.
BlackCat leverages credentials that have already been compromised and uses them to get into Active Directory user and administrator accounts. From this stage, the threat group leverages Windows administrative tools and Microsoft Sysinternals tools. According to the FBI’s investigation, BlackCat is the first ransomware group that has successfully used the programming language Rust to carry out its attacks. The cybercrime group then steals data from the victim before deploying ransomware and demanding that companies pay up to decrypt their files. According to the FBI, the group’s initial ransom requests are often shocking, but the group has been observed accepting a smaller payment than originally requested.
Read More: FBI Seeks Info on BlackCat