Names ALPHV (self given)
ALPHVM (self given)
BlackCat Gang (?)
UNC4466 (Mandiant)
Country [Unknown]
Motivation Financial gain
First seen 2021
Description (Palo Alto) BlackCat (aka ALPHV) is a ransomware family that surfaced in mid-November 2021 and quickly gained notoriety for its sophistication and innovation. Operating a ransomware-as-a-service (RaaS) business model, BlackCat was observed soliciting for affiliates in known cybercrime forums, offering to allow affiliates to leverage the ransomware and keep 80-90% of the ransom payment. The remainder would be paid to the BlackCat author.
The threat actors leveraging BlackCat, often referred to as the 'BlackCat gang,' utilize numerous tactics that are becoming increasingly commonplace in the ransomware space. Notably, they use multiple extortion techniques in some cases, including the siphoning of victim data before ransomware deployment, threats to release data if the ransom is not paid and distributed denial-of-service (DDoS) attacks.
Known affiliates are:
1. Subgroup: Scattered Spider
Observed Countries: Worldwide.
Tools used BlackCat, GO Simple Tunnel, Impacket, LaZagne, MEGAsync, Mimikatz, Munchkin, PsExec, Remcom, WebBrowserPassView.
Operations performed Dec 2021 Global IT services provider Inetum hit by ransomware attack
Dec 2021 Fashion giant Moncler confirms data breach after ransomware attack
Jan 2022 BlackCat ransomware implicated in attack on German oil companies
Jan 2022 String of cyberattacks on European oil and chemical sectors likely not coordinated, officials say
Feb 2022 BlackCat (ALPHV) claims Swissport ransomware attack, leaks data
Apr 2022 BlackCat, believed to be a rebranded version of the BlackMatter or DarkSide ransomware group, has claimed to have successfully targeted several organizations including the popular Nigerian betting platform Bet9ja, three universities - FIU, NCAT State University, AIT-Thailand, and the largest natural gas supplier in Latin America - TGS, in the past few days.
May 2022 Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, which demanded $5 million to unlock the encrypted computer systems.
May 2022 Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack
Jun 2022 Louisiana authorities investigating ransomware attack on city of Alexandria
Jun 2022 BlackCat Attacks University of Pisa, Demands $4.5M Ransom
Jun 2022 Ransomware gang creates site for employees to search for their stolen data
Jul 2022 BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands
Jul 2022 Bandai Namco confirms hack after ALPHV ransomware data leak threat
Jul 2022 The ALPHV ransomware gang, aka BlackCat, claimed responsibility for a cyberattack against Creos Luxembourg S.A. last week, a natural gas pipeline and electricity network operator in the central European country.
Aug 2022 Major airline technology provider Accelya attacked by ransomware group
Aug 2022 The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend.
Sep 2022 “BlackCat” attempts to up the pressure on Suffolk County; starts to leak data?
Sep 2022 BlackCat said they breached US Department of Defense contractor and went offline
Oct 2022 ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
Dec 2022 Colombian energy supplier EPM hit by BlackCat ransomware attack
Dec 2022 Toy maker Jakks Pacific reports cyberattack after multiple ransomware groups leak data
Dec 2022 Ransomware gang cloned victim’s website to leak stolen data
Jan 2023 The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of “secret military data.”
Jan 2023 BlackCat Adds Indian Missile Fuel Maker to Its Victims List
Feb 2023 Pennsylvania Health System CEO Confirms BlackCat Attack
Feb 2023 Ransomware gang posts breast cancer patients’ clinical photographs
Feb 2023 Reddit hackers threaten to leak data stolen in February breach
Mar 2023 Amazon-owned Ring denies ‘ransomware event’ following darknet listing
Mar 2023 Indian pharmaceutical giant warns of revenue loss, litigation after ransomware attack
Apr 2023 Australian Law Firm Hack Affected 65 Government Agencies
May 2023 ALPHV gang claims ransomware attack on Constellation Software
May 2023 Legal services platform used by SEC, Pentagon investigating ransomware attack claims
May 2023 Norton Healthcare discloses data breach after May ransomware attack
Jun 2023 BlackCat ransomware fails to extort Australian commercial law giant
Jun 2023 Now BlackCat extortionists threaten to leak stolen plastic surgery pics
Jun 2023 Bangladesh government website leaks citizens’ personal data
Jun 2023 AlphV group takes credit for ransomware attack on Georgia county
Jul 2023 BlackCat, Clop claim ransomware attack on cosmetics maker Estée Lauder
Jul 2023 ALPHV ransomware adds data leak API in new extortion strategy
Jul 2023 Japanese watchmaker Seiko breached by BlackCat ransomware gang
Aug 2023 Microsoft: BlackCat's Sphynx ransomware embeds Impacket, RemCom
Sep 2023 BlackCat ransomware hits Azure Storage with Sphynx encryptor
Sep 2023 Alphv group claims the hack of Clarion, a global manufacturer of audio and video equipment for cars
Sep 2023 Product leasing giant warns that sensitive information was stolen during cyberattack
Sep 2023 Large Michigan healthcare provider confirms ransomware attack
Sep 2023 Motel One discloses data breach following ransomware attack
Oct 2023 McLaren Health Care says data breach impacted 2.2 million people
Oct 2023 ALPHV ransomware gang claims attack on Florida circuit court
Oct 2023 The Alphv ransomware gang stole 5TB of data from the Morrison Community Hospital
Oct 2023 BlackCat Climbs the Summit With a New Tactic
Oct 2023 Another small firm suffers a serious ransomware attack: Cadre Services gets mauled by AlphV
Oct 2023 BlackCat ransomware claims breach of healthcare giant Henry Schein
Oct 2023 Advarra hacked, threat actors threatening to leak data
Nov 2023 AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC
Nov 2023 Notorious ransomware gang takes credit for cyberattack on Fidelity National Financial
Nov 2023 The big bad BlackCat tries to bully Hampton-Newport News CSB. Shame on BlackCat.
Nov 2023 Henry Schein re-encrypted by BlackCat again
Nov 2023 HTC Global Services confirms cyberattack after data leaked online
Nov 2023 Trans-Northern Pipelines investigating ALPHV ransomware attack claims
Dec 2023 AlphV claims an attack before even alerting the victim. How will that work out for them?
Dec 2023 If at first you don’t succeed, screw it up again?
Dec 2023 AlphV reacts to law enforcement action by allowing affiliates to attack hospitals, critical infrastructure
Jan 2024 ALPHV ransomware claims loanDepot, Prudential Financial breaches
Feb 2024 UnitedHealth subsidiary Optum hack linked to BlackCat ransomware
Feb 2024 Hessen Consumer Center says systems encrypted by ransomware
Mar 2024 BlackCat ransomware shuts down in exit scam, blames the 'feds'
Counter operations Dec 2023 Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant
Feb 2024 US offers up to $15 million for tips on ALPHV ransomware gang
Mar 2024 US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
Information
Last change to this card: 22 April 2024