Latest ALPHV news

BlackCat ransomware pushes Cobalt Strike via WinSCP search ads

The BlackCat ransomware group (aka ALPHV) is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers.
- Bill Toulas
- July 01, 2023
- 11:18 AM
- 0
Reddit hackers threaten to leak data stolen in February breach

The BlackCat (ALPHV) ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company.
- Lawrence Abrams
- June 18, 2023
- 12:01 PM
- 6
The Week in Ransomware - June 9th 2023 - It’s Clop... Again!

The week was dominated by fallout over the MOVEit Transfer data-theft attacks, with the Clop ransomware gang confirming that they were behind them.
- Lawrence Abrams
- June 09, 2023
- 06:44 PM
- 0
BlackCat ransomware fails to extort Australian commercial law giant

Australian law firm HWL Ebsworth confirmed to local media outlets that its network was hacked after the ALPHV ransomware gang began leaking data they claim was stolen from the company.
- Bill Toulas
- June 09, 2023
- 11:11 AM
- 1
The Week in Ransomware - June 2nd 2023 - Whodunit?

It has been a fairly quiet week regarding ransomware, with only a few reports released and no new significant attacks. However, we may have a rebrand in the making, and a ransomware operation is likely behind a new zero-day data-theft campaign, so we have some news to talk about.
- Lawrence Abrams
- June 02, 2023
- 05:47 PM
- 0
Malicious Windows kernel drivers used in BlackCat ransomware attacks

The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks.
- Bill Toulas
- May 22, 2023
- 02:23 PM
- 0
Western Digital says hackers stole customer data in March cyberattack

Western Digital has taken its store offline and sent customers data breach notifications after confirming that hackers stole sensitive personal information in a March cyberattack.
- Lawrence Abrams
- May 07, 2023
- 12:10 PM
- 2
The Week in Ransomware - May 5th 2023 - Targeting the public sector

This week's ransomware news has been dominated by a Royal ransomware attack on the City of Dallas that took down part of the IT infrastructure.
- Lawrence Abrams
- May 05, 2023
- 04:07 PM
- 0
ALPHV gang claims ransomware attack on Constellation Software

Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data.
- Sergiu Gatlan
- May 05, 2023
- 11:04 AM
- 0
Hackers leak images to taunt Western Digital's cyberattack response

The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach.
- Lawrence Abrams
- May 01, 2023
- 08:28 AM
- 3
NCR suffers Aloha POS outage after BlackCat ransomware attack

NCR is suffering an outage on its Aloha point of sale platform after being hit by an ransomware attack claimed by the BlackCat/ALPHV gang.
- Lawrence Abrams
- April 15, 2023
- 02:26 PM
- 3
ALPHV ransomware exploits Veritas Backup Exec bugs for initial access

An ALPHV/BlackCat ransomware affiliate was observed exploiting three vulnerabilities impacting the Veritas Backup product for initial access to the target network.
- Bill Toulas
- April 04, 2023
- 11:43 AM
- 0
The Week in Ransomware - January 6th 2023 - Targeting Healthcare

This week saw a lot of ransomware news, ranging from new extortion tactics, to a ransomware gang giving away a free decryptor after attacking a children's hospital.
- Lawrence Abrams
- January 06, 2023
- 07:51 PM
- 1
Ransomware gang cloned victim’s website to leak stolen data

The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim's site to publish stolen data on it.
- Ionut Ilascu
- January 01, 2023
- 03:54 PM
- 0
Colombian energy supplier EPM hit by BlackCat ransomware attack

Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, disrupting the company's operations and taking down online services.
- Lawrence Abrams
- December 16, 2022
- 01:47 PM
- 0
Ransomware data theft tool may show a shift in extortion tactics

Data exfiltration malware known as Exmatter and previously linked with the BlackMatter ransomware group is now being upgraded with data corruption functionality that may indicate a new tactic that ransomware affiliates might switch to in the future.
- Sergiu Gatlan
- September 25, 2022
- 11:14 AM
- 0
BlackCat ransomware’s data exfiltration tool gets an upgrade

The BlackCat ransomware (aka ALPHV) isn't showing any signs of slowing down, and the latest example of its evolution is a new version of the gang's data exfiltration tool used for double-extortion attacks.
- Bill Toulas
- September 22, 2022
- 06:00 AM
- 0
BlackCat ransomware claims attack on Italian energy agency

The BlackCat/ALPHV ransomware gang claimed responsibility for an attack that hit the systems of Italy's energy agency Gestore dei Servizi Energetici SpA (GSE) over the weekend.
- Sergiu Gatlan
- September 02, 2022
- 04:05 PM
- 0
Automotive supplier breached by 3 ransomware gangs in 2 weeks

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over a two-week span in May, two of the attacks happening within just two hours.
- Sergiu Gatlan
- August 10, 2022
- 05:07 PM
- 0
The Week in Ransomware - August 5th 2022 - A look at cyber insurance

For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed.
- Lawrence Abrams
- August 05, 2022
- 05:35 PM
- 0