BlackCat affiliate seen using malvertising to spread ransomware

Researchers at eSentire’s Threat Response Unit have observed an affiliate of the ALPHV/BlackCat ransomware cartel using malicious advertising to compromise its victims. The affiliate purchases Google ads, directing users to malicious websites where they unwittingly download Nitrogen, a malware designed to give intruders initial access to a target’s IT environment. The operation has been linked to recent cyber attacks, including those on two Las Vegas casinos, an international cosmetics firm, and a prominent NHS Trust.