The cybercriminals assert that the authorized QuickBooks solution provider lacks proper knowledge of tax data security.
Black Cat (ALPHV) ransomware group has taken responsibility for a data breach and threatened to publicly share the stolen data. The target was Sagenext, which is a cloud hosting provider for accounting and tax services.
Cyber Express contacted Sagenext for confirmation but received no response. In a post on the group's dark web leak page, the ransomware operators accused Sagenext of incompetence in securing tax data and of not taking the issue seriously.
Famous Victims of the Black Cat Ransomware
The Black Cat extortion group has a history of data breaches and cyberattacks against well-known businesses. Amazon-owned Ring, a well-known home security firm, was attacked in March, and the attackers claimed to have gained access to personal information held by the company.
Central Missouri Machine Guns and Five Guys were also targeted. In January, the group claimed to have stolen 262 GB of data from Westmont Hospitality Group, with a ransom payment deadline of January 31, 2023.
BlackCat is a ransomware variant coded in Rust that was discovered in November 2021. Its creators aimed to evade traditional security solutions by using a modern language. The ransomware encrypts and exfiltrates data, using “double extortion” to force payment.
BlackCat can attack devices running Windows, Linux, and VMWare instances, with sophisticated features that allow for customization and adaptation to the environment. A Microsoft threat advisory previously warned of its capabilities.
Highly Advanced Hacker Technology
According to an FBI Flash report, BlackCat ransomware uses previously compromised user credentials to gain initial access to the victim's systems. If it does not hold administrative privileges, it can be launched through dllhost.exe and run a series of commands through cmd.exe. The exact commands vary with how each affiliate customizes the execution.
BlackCat uses Windows Task Scheduler to set up malicious Group Policy Objects (GPOs) that deliver the ransomware, compromising Active Directory user and administrator accounts in the process.
During initial distribution, the malware disables security features across the victim's network using PowerShell scripts and Cobalt Strike. It also abuses legitimate Windows administration tools and Microsoft Sysinternals utilities.