Blackcat Ransomware
Blackcat ransomware is malicious software, written in the Rust programming language, that is used to extort ransom payments from victims.
What Is Blackcat Ransomware in Crypto?
Ransomware is a form of malicious software (malware) that cybercriminals use to hold or lock data on an individual’s computer and demand payment to restore access. Think of it as an attacker holding something valuable to you and asking for a “ransom” to return it.
Blackcat ransomware, also known as ALPHV or Noberus ransomware, is one such strain of malware. It is the first prominent malware family written in the Rust programming language, which is known for its high performance and memory safety. Because the payload is cross-platform, the threat actors use it to compromise both Windows- and Linux-based operating systems (OS).
By extension, the malicious actors using this ransomware go by the same moniker as the malware itself. The group initially emerged in November 2021 and has subsequently launched malware attacks against hundreds of organizations worldwide. As such, ALPHV victims span sectors such as the finance, healthcare, energy, technology, and construction industries.
How Does ALPHV Work?
ALPHV operates on a ransomware-as-a-service (RaaS) model: a decentralized affiliate scheme in which other threat actors are allowed to use the malware to launch their own attacks. Affiliates can customize the payload, carry out a ransomware attack, and hand over a percentage of the ransom payment to ALPHV. The attackers typically demand payment in cryptocurrencies to preserve their anonymity and hinder attempts by authorities to track them down.
In summary, the Blackcat campaign works as follows:
- Initial access – ALPHV affiliates use brute-force attacks, phishing, or unpatched common vulnerabilities and exposures (CVEs) to infiltrate an organization’s systems.
- Establishing persistence – The malware then opens a backdoor to a Blackcat-controlled command-and-control server so the attackers can maintain access and harvest credentials. The stolen credentials allow them to move laterally through the network.
- Encrypting data – The Rust-based payload encrypts sensitive information and files, making them inaccessible without the decryption key.
- Double extortion – Before encrypting the data, the threat actors steal sensitive information. They then threaten to publish it unless the organization pays the ransom.
- Ransom demands – The group demands payment in exchange for not leaking the stolen information, not launching denial-of-service (DoS) attacks, and decrypting the affected files. The ransom is to be paid in cryptocurrency.
- Customizable attacks – Other cybercrime groups can modify the ransomware’s payload to suit their chosen victims. In return, these affiliates pay the Blackcat ransomware group a portion of the ransom collected.