Cybersecurity researchers at Recorded Future have identified a new ransomware variant called BlackNova that has rapidly gained traction in attacks against manufacturing companies. The malware uses a double extortion model, encrypting production systems while simultaneously exfiltrating sensitive intellectual property and threatening public release.
BlackNova distinguishes itself through its targeting of operational technology networks, specifically programmable logic controllers and SCADA systems used in factory automation. The ransomware can propagate through industrial control system protocols, allowing it to spread from IT networks into production environments with devastating speed.
At least 14 manufacturing firms across North America and Europe have been hit by BlackNova since February, with ransom demands ranging from $2 million to $15 million in Bitcoin. Security experts recommend that manufacturers segment their OT and IT networks aggressively and implement offline backups of critical control system configurations.
