ALPHV BlackCat Ransomware

ALPHV BlackCat is the newest ransomware group to draw attention, in its case for having the most advanced malware in years. It was only the third group to write its strain in Rust, a language that is more secure and reliable than the C and C++ used by the other ransomware groups.

The group is still quite new, but it already shows great potential to reach the level that the REvil (Sodinokibi) and DarkSide ransomware groups have reached. BlackCat operates as RaaS (Ransomware as a Service), and the group has been offering its malware on Dark Web forums.

The ALPHV ransomware is designed to attack Windows, Linux and VMware ESXi systems. Few groups have achieved this feat.

In addition to all these features, the ransomware moves laterally through a company’s internal network, disabling all company protections, and then installs copies of itself on multiple computers to reach as many files as possible.

The group disclosed in a forum that its encryption can be done in four different ways, which are:

  • Full – complete encryption of the file. The most secure and slowest.
  • Fast – encryption of the first N megabytes. Not recommended for use, the most insecure solution possible, but the fastest.
  • DotPattern – encryption of N megabytes by M-step. If set incorrectly, Fast can work worse in both speed and cryptographic strength.
  • Auto – Depending on the type and size of the file, the cabinet (on both Windows and *nix / ESXi) chooses the best strategy (in terms of speed / security) to process the files.
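For triage during recovery, the modes above leave different footprints in a damaged file: Full leaves no plaintext, while Fast and DotPattern leave regions untouched. The following is an added example, not code from this page or from the group's malware. It profiles per-block entropy to tell the patterns apart. The block size, the threshold, the labels ("head-only" for a Fast-like layout, "striped" for a DotPattern-like one) and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096         # assumed analysis granularity, not a value from the page
HIGH_ENTROPY = 7.5   # assumed bits/byte threshold for "looks like ciphertext"

def entropy(block: bytes) -> float:
    """Shannon entropy of a non-empty block, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def profile(data: bytes) -> list[bool]:
    """One flag per full block: True if the block looks like ciphertext."""
    return [entropy(data[i:i + BLOCK]) >= HIGH_ENTROPY
            for i in range(0, len(data) - BLOCK + 1, BLOCK)]

def classify(data: bytes) -> tuple[str, float]:
    """Return (pattern label, fraction of blocks that still look intact)."""
    flags = profile(data)
    if not flags:
        return "too-small", 1.0
    intact = flags.count(False) / len(flags)
    if all(flags):
        return "full", intact
    if not any(flags):
        return "none", intact
    # Count switches between ciphertext-looking and plaintext-looking runs.
    switches = sum(a != b for a, b in zip(flags, flags[1:]))
    if flags[0] and switches == 1:
        return "head-only", intact
    return "striped", intact

def _noise(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 over a counter."""
    return b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def _text(n: int) -> bytes:
    """Constructed low-entropy stand-in for an unencrypted business file."""
    line = b"2021-12-01,invoice,1042,paid\n"
    return (line * (n // len(line) + 1))[:n]

def sample(layout: str) -> bytes:
    """Constructed test file: 'E' = noise block, 'P' = plaintext block."""
    return b"".join(_noise(BLOCK) if c == "E" else _text(BLOCK) for c in layout)

if __name__ == "__main__":
    for layout in ("E" * 16, "EEEE" + "P" * 12, "EPPP" * 4):
        print(layout, classify(sample(layout)))
```

Compressed archives and media files are high-entropy by nature, so a "full" result on those formats is not proof of encryption; compare against a known-good copy or the file's expected header.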

This shows how serious and advanced this group is compared to other groups. Besides the RaaS model, the group also uses double extortion, which consists of both encrypting files and extracting copies of them to use for blackmail. If the victim does not pay the ransom imposed by the group, the files are leaked on a website created specifically for the victim company.

Recover Files Encrypted by ALPHV BlackCat Ransomware

The ALPHV BlackCat ransomware group looks set to be one of the most worrisome groups in the near future. It has no major attacks to its name today, but everything it has shown so far indicates that its destructive ability is very large.

The good news is that there are companies, such as Digital Recovery, with the ability and technology to recover data encrypted by ransomware.

This type of resource does not solve all of the consequences of the attack, but it dramatically reduces the damage that losing access to the data could cause. It is ideal for companies that need their files available in order to operate fully.

In this scenario, Digital Recovery has developed technologies capable of recovering encrypted data from virtually any storage device, such as HDDs, SSDs, Databases, Storages, RAID systems, Virtual Machines and others.

We have developed exclusive processes that are customized to meet the real needs of each client. All these processes are supported by a Non-Disclosure Agreement (NDA), and the recovery is done in a totally secure environment.

Contact us and start the recovery process right now.
