Ransomware Group

ALPHV/BlackCat

Also known as: ALPHV, Noberus

Status: inactive • First seen 2021-11 • 1,000+ known victims

BlackCat was one of the most advanced ransomware groups until they pulled an exit scam, stealing millions from their own criminal partners and disappearing.

Overview

ALPHV/BlackCat was a sophisticated Rust-based ransomware operation that conducted an exit scam after law enforcement seizure, stealing affiliate funds.

Target Industries

Healthcare, Finance, Critical Infrastructure, Technology

How They Attack

  • Rust-based payload
  • Triple extortion
  • Affiliate program
  • Exit scam

Notable Victims

MGM Resorts (via affiliate, 2023), UnitedHealth (2024)

How to Protect Against ALPHV/BlackCat

  1. Monitor for successor groups
  2. Watch for affiliate migration
  3. Learn from BlackCat TTPs

MITRE ATT&CK Techniques

T1486, T1567, T1078, T1059
