BlackCat Azure Storage Account RansomOp

The threat actors gained access to the customer's Azure portal, where they obtained the Azure key required to access the storage account programmatically. The adversary encoded the keys using base-64 and inserted them into the ransomware binary with execution command lines below. The “-o” argument targets an Azure Storage account name and access key, and the same binary was executed multiple times to target 39 unique Azure Storage Accounts, resulting in successful encryption.