The Cybersecurity and Infrastructure Security Agency and the FBI have issued a joint advisory to inform organizations of tactics, techniques and procedures and indicators of compromise associated with the ransomware-as-a-service called ALPHV Blackcat.
According to the advisory published Tuesday, ALPHV Blackcat threat actors gain initial access to a company through open source research and advanced social engineering techniques, then deploy remote access software to exfiltrate data.
After data encryption and exfiltration, affiliates talk to victims through email, Tox, TOR or encrypted applications.
To mitigate risks posed by ALPHV Blackcat, CISA and the FBI have called on organizations to implement application controls; use a network monitoring tool to identify and investigate abnormal activity and potential traversal of the indicated ransomware; and implement user training on social engineering and phishing attacks.
The agencies urged organizations to test and validate their security programs against threat behaviors mapped to the MITRE ATT&CK for Enterprise framework.