
Blackcat Ransomware

Feb 18, 2025 | Updated Feb 18, 2025
Blackcat ransomware is a type of malicious software written using the Rust programming language used to procure ransoms from victims.

What Is Blackcat Ransomware in Crypto?

Ransomware is a form of malicious software (malware) that cybercriminals use to hold or lock data on an individual’s computer and demand payment to restore access. Think of it as an attacker holding something valuable to you and asking for a “ransom” to return it.

Blackcat ransomware, also known as ALPHV or Noberus ransomware, is one such malware. It was the first prominent ransomware family written in the Rust programming language, which is known for its high performance and memory safety, and the threat actors behind it use the payload to compromise both Windows- and Linux-based operating systems (OS).

By extension, the malicious actors using this ransomware go by the same moniker as the malware itself. The group first emerged in November 2021 and has since launched attacks against hundreds of organizations worldwide. Its victims span sectors including finance, healthcare, energy, technology, and construction.

How Does ALPHV Work?

ALPHV operates on a ransomware-as-a-service (RaaS) model: a decentralized affiliate scheme in which other threat actors use the malware to launch their own attacks. The affiliates can customize the payload, carry out the ransomware attack, and share a percentage of the ransom payment with ALPHV. The attackers often demand payment in cryptocurrencies to preserve their anonymity and hinder efforts by authorities to track them down.

In summary, the Blackcat campaign works as follows:

  1. Initial access – ALPHV affiliates gain entry through brute-force attacks, phishing, or unpatched common vulnerabilities and exposures (CVEs) in an organization’s systems.
  2. Establishing persistence – They then set up a backdoor to a Blackcat-controlled command-and-control (C2) server to maintain access and harvest credentials. The stolen credentials let them move laterally throughout the network.
  3. Encrypting data – The Rust-based payload encrypts sensitive information or files, making them inaccessible without the decryption key.
  4. Double extortion – Before encrypting anything, the threat actors exfiltrate sensitive information. They then threaten to publish it unless the organization pays the ransom.
  5. Ransom demands – The group demands payment in exchange for not leaking the stolen information, not launching denial-of-service (DoS) attacks, and decrypting the affected files. The ransom is to be paid in cryptocurrencies.
  6. Customizable attacks – Other cybercrime groups can modify the ransomware’s payload to match their victims. In return, these affiliates pay the Blackcat ransomware group a portion of the ransom collected.
