Ransomware Group
BlackCat (ALPHV)
Also known as: ALPHV, Noberus, BlackCat
Status: disrupted • First seen 2021-11 • 1,000+ known victims
BlackCat was one of the most dangerous ransomware gangs before law enforcement disrupted them. They were technically sophisticated, using the Rust programming language for speed and to evade detection. They pulled off major attacks on healthcare, education, and critical infrastructure before the FBI took down their servers.
Overview
BlackCat (ALPHV) was a sophisticated ransomware-as-a-service operation notable for being the first major ransomware written in Rust. The group was highly active until an FBI-led takedown in December 2023, though they briefly resurfaced before appearing to conduct an exit scam on their affiliates in early 2024.
Target Industries
Healthcare, Education, Government, Financial Services, Legal, Manufacturing, Technology
How They Attack
- Exploiting unpatched vulnerabilities in public-facing applications
- Purchasing initial access from access brokers
- Using compromised credentials
- Social engineering and phishing
- Abusing legitimate remote access tools
Notable Victims
MGM Resorts (2023), Caesars Entertainment (2023), Reddit (2023), Multiple US healthcare systems, Several universities and school districts
How to Protect Against BlackCat (ALPHV)
1. Patch all public-facing systems and applications immediately
2. Enable MFA on all remote access points
3. Maintain offline, immutable backups
4. Implement network segmentation
5. Deploy EDR with behavioral detection
6. Train employees on social engineering attacks
MITRE ATT&CK Techniques