Blackcat Ransomware

Feb 18, 2025 | Updated Feb 18, 2025
Blackcat ransomware is malicious software, written in the Rust programming language, that is used to procure ransoms from victims.

What Is Blackcat Ransomware in Crypto?

Ransomware is a form of malicious software (malware) that cybercriminals use to hold or lock data on an individual’s computer and demand payment to restore access. Think of it as an attacker holding something valuable to you and asking for a “ransom” to return it.

Blackcat ransomware, also known as ALPHV or Noberus ransomware, is one such type of malware. It is the first prominent malware written in Rust, a programming language known for its high performance and memory safety. What’s more, the threat actors exploit its capability to compromise both Windows- and Linux-based operating systems (OS).

The malicious actors using this ransomware go by the same moniker as the malware itself. The group initially emerged in November 2021 and has subsequently launched malware attacks against hundreds of organizations worldwide. ALPHV victims span sectors such as the finance, healthcare, energy, technology, and construction industries.

How Does ALPHV Work?

ALPHV operates on a ransomware-as-a-service (RaaS) model: a decentralized affiliate program allows other threat actors to use the malware to launch attacks. The affiliates can customize the payload, carry out a ransomware attack, and share a percentage of the ransom payment with ALPHV. The attackers often demand payment in cryptocurrencies to protect their anonymity and keep authorities from tracking them down.

In summary, the Blackcat campaign works as follows:

  1. Initial access – ALPHV uses brute-force attacks, phishing attacks, or unpatched common vulnerabilities and exposures (CVEs) to infiltrate an organization’s systems.
  2. Establishing persistence – The attackers then establish a backdoor to a Blackcat-controlled command-and-control server to maintain their access and harvest credentials. The stolen credentials allow them to move laterally throughout the network.
  3. Encrypting data – The Rust-based ransomware encrypts sensitive information or files, making them inaccessible without the decryption key.
  4. Double extortion – The threat actors steal sensitive information before encrypting it. They then threaten to publish it unless the organization pays the ransom.
  5. Ransom demands – The group demands payment for not leaking stolen sensitive information, not launching denial of service (DoS) attacks, and decrypting the affected files. Once the ransomware has executed, the attackers demand that ransom payments be made in cryptocurrencies.
  6. Customizable attacks – Other cybercrime groups can modify the ransomware’s payload to suit their victims. In return, the affiliates pay the Blackcat ransomware group a portion of the ransom paid.
