reports that threat actors leveraging the new Noberus ransomware, also known as BlackCat or ALPHV, have used three variants of the first known Rust-based ransomware in a single attack against a victim organization's network.
Symantec researchers discovered that malicious activity commenced on November 3, when the attackers first gained network access and infected two of the victim's systems, but they waited until November 18 before releasing the ransomware.
Attackers leveraged PsExec, which was initially deployed to obtain elevated administrative privileges, to enable PowerShell command execution that disabled Windows Defender
before launching Noberus. Noberus has been discovered to have shadow copy deletion, system data collection, and hidden partition creation capabilities. Symantec also noted that while the attack has been discovered and remediated by the victim organization, network access was regained by its attackers, who launched another Noberus variant.
"In total, three variants of this ransomware were identified during this intrusion, leading to at least 261 machines on the network becoming infected with Noberus," said Symantec.