BlackCat is a sub-group of the Russian-speaking ransomware cybercrime actors AlphaV.
BlackCat initiates entry into a targeted system by exploiting compromised user credentials.
Exploiting this access, it proceeds to compromise both user and admin accounts within the Active Directory. This empowers the threat actors to establish and manipulate organisational Group Policy Objects (GPOs) using the Windows Task Scheduler, with the intention of deploying their ransomware payload.
Once deployed, BlackCat disables security features within your network, facilitating the exfiltration of information before execution of Malware via batch scripts, spreading infection across all available systems and devices.
Meanwhile, your hard drives are continuing to process data in the background, making your system extremely sluggish. Additionally, your antivirus software is deactivated, preventing you from opening it.
At this stage, you’ll receive a ransom note, one that distinguishes BlackCat from other ransomware groups. This note typically includes instructions on how to pay the ransom and regain access to the encrypted files. However there is no guarantee that threat actors will restore system operations and data after payment is made. This is why prevention is the best tactic to employ.
At Solace Cyber, we are experts in dealing with BlackCat ransomware attacks.
We have a 6-step process to investigate what happened and recover your data where possible.
With teams covering the North and South of the UK, we will dispatch the closest team to you the same day that you call us. Once we arrive on site, we will initiate the onboarding process, speaking to your stakeholders to get a picture of the attack and what has happened so far.
We will work with you to put together a response action plan before starting to recover your data.
Our Digital Forensic Incident Response teams will examine the breach from BlackCat and determine any vulnerabilities. Once we have a full understanding of the situation, our on-site and remote teams will work together to prevent the BlackCat attack from spreading further. When we are confident that the threat has been contained, our teams will get to work recovering your data, where possible, and restoring your systems to a secure state.
While working on your system, we will not overwrite any of the attacker's data, keeping it for a forensic report that can to be used in criminal prosecutions and insurance claims.
At the end of the process, you will receive a comprehensive report and a chance to review the process with us to identify areas of improvement.
We maintain communication throughout the recovery process, making sure you understand everything that is going on.
Experience - Solace Cyber understands the importance of a quick response to a malware attack from BlackCat. We have successfully dealt with hundreds of attacks from BlackCat and other similar ransomware groups, so bring a high level of expertise to every call-out.
Accreditation - Our team has achieved recognition as an Assured Service Provider by the National Cyber Security Centre (NCSC), so you can employ us with confidence that we will work to achieve the best outcome possible efficiently. Plus, we have the ISO 27001 accreditation.
Our Approach - Our approach is unique as we implement a digital forensic analysis as we work, ensuring data is not overwritten but saved so that we can write a full forensic report, which can be used as evidence where necessary.
24/7 Security Operation Centre (SOC) Service - we manage our security operations centre 24 hours, seven days a week, ensuring someone is available to deal with any situation that comes in, no matter the time.
National Coverage - Whether you are in Scotland or along the South Coast, we can get a team to your site fast, as we have teams located in the North and South.
If you think you are under a ransomware attack, don’t hesitate to get in touch with us to start the recovery process.
Complete the form to request a complimentary consultation with our specialists and get a plan of action in place immediately.
If you need BlackCat ransomware recovery right away, we would recommend calling us on 01202 308818.
Solace Cyber, part of Solace Global, helps companies across the UK recover from ransomware attacks and data breaches.
SOLACE GLOBAL CYBER LTD is registered in England & Wales no. 08830710
Solace Global
Twin Sails House,
W Quay Rd,
Poole, BH15 1JF
United Kingdom