The Italian asset manager Azimut has been targeted by the international ransomware group BlackCat, Reuters reported on July 24.
Reuters said that the company disclosed the cyberattack on the same day and added that the firm has rejected any demand for a ransom payment.
The company suggested that the attack did not harm client data, stating:
“The attack did not affect data or information that might allow access to the personal position of clients and financial advisors or the execution of unauthorized transactions.”
Azimut detected unauthorized access to its IT systems during routine monitoring. It promptly informed relevant authorities and initiated an internal safety procedure, which successfully limited the effects of the attack.
The Israeli cybersecurity startup DarkFeed and California-based cybersecurity firm Palo Alto Networks both identified BlackCat as the group responsible for the attack. The latter firm said that BlackCat stole more than 500 GB of data from Azimut.
BlackCat is known to use crypto
Most ransomware groups rely on cryptocurrencies for payment due to the relative difficulty of tracking blockchain transactions.
BlackCat is not an exception. Cybersecurity firm SafeBreach said in 2022 that the group demands ransoms in Monero (XMR) and Bitcoin (BTC) between $400,000 and $3 million. It also suggested that victims must pay an additional 15% fee if they pay in Bitcoin.
The group presumably charges that extra fee due to the fact that Bitcoin has fewer privacy features than Monero. In order to keep illegal Bitcoin transactions private, BlackCat would need to launder funds through a coin mixer and pay the relevant fees. Separate reports from the U.S. Department of Health and Human Services’ cybersecurity division suggests that the group does indeed move Bitcoin through mixers.
Despite BlackCat’s reliance on crypto, Reuters’ report does not make any mention of cryptocurrency or the amount of crypto BlackCat demanded from Azimut.
Incidentally, Azimut itself has invested in blockchain ventures including the mining firm Alps Blockchain and partially crypto-focused asset manager Diaman Partners.
There is no indication that those actions are related to BlackCat’s decision to target the company, as the cybercrime group has targeted various non-crypto organizations. Most recently, the group claimed an attack on cosmetics company Estelle Lauder.