The new ALPHA ransomware operation, dubbed BlackCat, debuted last month and has the potential to be the year’s most sophisticated ransomware, with a highly customizable feature set that allows for attacks on a wide range of corporate environments.
The ransomware executable is built in Rust, a programming language that is not commonly used by malware authors but is gaining popularity because of its great efficiency and memory safety.
The new ransomware was discovered by MalwareHunterTeam, and the first ID Ransomware submission for the new operation came on November 21st, according to BleepingComputer.
The ransomware was given the moniker BlackCat by MalwareHunterTeam because every victim’s Tor payment site has the identical favicon of a black cat, whereas the data leak site has a bloodied dagger, as illustrated below.
The ALPHA BlackCat operators, like all ransomware-as-a-service (RaaS) operations, hire affiliates to carry out corporate intrusions and encrypt devices.
Affiliates will receive varied revenue splits depending on the magnitude of the ransom payment. For example, the affiliate receives 80% of ransom payments up to $1.5 million, 85% of payments up to $3 million, and 90% of payments exceeding $3 million.