HomeRisk ManagementsALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

ALPHV/BlackCat Ransomware Gang Targets Businesses Through Google Ads

Published on

spot_img

The notorious ALPHV/BlackCat ransomware has been found to be using Google Ads as a method of distributing malware. According to eSentire’s Threat Response Unit (TRU), the gang behind the $100m MGM Resorts breach and the leaking of sensitive images of breast cancer patients has now expanded its attack methods to include malvertising.

The security firm intercepted and thwarted attempts by ALPHV/BlackCat affiliates to breach a law firm, a manufacturer, and a warehouse provider within the past three weeks. The group is part of a cybercrime economy with specialized roles, evolving from experienced ransomware operators like REvil, DarkSide, and BlackMatter, with affiliates supporting ALPHV/BlackCat including FIN7, UNC2565, and Scattered Spider.

The new tactic observed by eSentire involves using Google Ads to promote popular software like Advanced IP Scanner and Slack, leading business professionals to attacker-controlled websites. These professionals, believing they are downloading legitimate software, unknowingly install the Nitrogen malware, which serves as initial-access malware. This provides intruders with a foothold in the target organization’s IT environment, allowing the hackers to infect the victim with ALPHV/BlackCat ransomware.

Understanding the severity of the situation, Keegan Keplinger, a senior threat intelligence researcher with TRU, explained that the Nitrogen malware leverages obfuscated Python libraries that compile to Windows executables. These libraries, which are useful for legitimate use cases such as optimizing Python code, are being used to develop malicious malware loaders that can load intrusion tools directly into memory. This indicates a concerning trend in the rise of browser-based cyber-threats, where users unknowingly download malware while browsing.

To address this growing threat, Keplinger emphasized the need for user awareness training to extend beyond email attachments and encompass the risk of browser-based downloads. In response to the eSentire advisory, organizations are recommended to focus on endpoint monitoring, capture and monitor logs for systems not supporting endpoint monitoring, and implement attack surface reduction rules to mitigate browser-based attacks.

The criminal origins of the ALPHV/BlackCat group, along with its connections to former ransomware groups and recent high-profile attacks on MGM Resorts, McClaren Health Care, Clarion, and Motel One, further emphasize the urgency for enhanced cybersecurity measures. This highlights the importance of organizations being proactive in implementing robust cybersecurity measures to protect against the evolving tactics of cybercriminals.

In conclusion, the use of Google Ads by the ALPHV/BlackCat ransomware group to distribute malware serves as a reminder of the ever-evolving nature of cyber threats and the need for organizations to continually adapt and enhance their cybersecurity measures to stay ahead of malicious actors.

Source link

Latest articles

LevelBlue Wins Top MSS Award from Frost & Sullivan

LevelBlue was recently honored with the prestigious Frost & Sullivan’s 2024 Best Practices Competitive...

Number of Victims Paying Ransom Hits Record Low

An incident response firm recently reported that the percentage of organizations opting to pay...

PrivatBank, Ukraine’s Largest Bank, Infected with SmokeLoader Malware

The financially motivated threat actor group UAC-0006 has been identified as the mastermind behind...

Bengaluru Woman Loses ₹2 Crore Due to High Return Stock Trading Scheme Cyber Fraud

A 75-year-old woman in Bengaluru was recently reported to have fallen victim to a...

More like this

LevelBlue Wins Top MSS Award from Frost & Sullivan

LevelBlue was recently honored with the prestigious Frost & Sullivan’s 2024 Best Practices Competitive...

Number of Victims Paying Ransom Hits Record Low

An incident response firm recently reported that the percentage of organizations opting to pay...

PrivatBank, Ukraine’s Largest Bank, Infected with SmokeLoader Malware

The financially motivated threat actor group UAC-0006 has been identified as the mastermind behind...