SYMBOL | COMMON_NAME | aka. SYNONYMS |
ALPHV, also known as BlackCat or Noberus, is a ransomware family that is deployed as part of Ransomware as a Service (RaaS) operations. ALPHV is written in the Rust programming language and supports execution on Windows, Linux-based operating systems (Debian, Ubuntu, ReadyNAS, Synology), and VMWare ESXi. ALPHV is marketed as ALPHV on cybercrime forums, but is commonly called BlackCat by security researchers due to an icon of a black cat appearing on its leak site. ALPHV has been observed being deployed in ransomware attacks since November 18, 2021.
ALPHV can be configured to encrypt files using either the AES or ChaCha20 algorithms. In order to maximize the amount of ransomed data, ALPHV can delete volume shadow copies, stop processes and services, and stop virtual machines on ESXi servers. ALPHV can self-propagate by using PsExec to remote execute itself on other hosts on the local network.
2024-09-30
⋅
The DFIR Report
⋅
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware BlackCat Nitrogen Loader Sliver |
2024-06-05
⋅
S-RM
⋅
Exmatter malware levels up: S-RM observes new variant with simultaneous remote code execution and data targeting BlackCat BlackMatter Conti ExMatter LockBit REvil Ryuk |
2024-02-29
⋅
CrowdStrike
⋅
The Anatomy of an ALPHA SPIDER Ransomware Attack BlackCat Alpha Spider |
2024-02-22
⋅
Sekoia
⋅
Scattered Spider laying new eggs BlackCat |
2023-12-13
⋅
cocomelonc
⋅
Malware in the wild book AsyncRAT Babuk BlackCat BlackLotus Carbanak HelloKitty Paradise Stealc WinDealer |
2023-12-03
⋅
Twitter (@vxunderground)
⋅
Tweet about ALPHV group compromising Tipalti to pressure its clients. BlackCat BlackCat |
2023-11-16
⋅
CISA
⋅
Scattered Spider Ave Maria BlackCat Raccoon Vidar |
2023-11-16
⋅
The Register
⋅
BlackCat plays with malvertising traps to lure corporate victims BlackCat |
2023-10-30
⋅
eSentire
⋅
Nitrogen Campaign 2.0: Reloads with Enhanced Capabilities Leading to ALPHV/BlackCat Ransomware BlackCat Nitrogen Loader |
2023-09-12
⋅
⋅
ANSSI
⋅
FIN12: A Cybercriminal Group with Multiple Ransomware BlackCat Cobalt Strike Conti Hive MimiKatz Nokoyawa Ransomware PLAY Royal Ransom Ryuk SystemBC |
2023-08-17
⋅
Trellix
⋅
Scattered Spider: The Modus Operandi BlackCat POORTRY |
2023-07-18
⋅
Symantec
⋅
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware BlackCat Unidentified 103 (FIN8) |
2023-07-13
⋅
MSSP Lab
⋅
Malware analysis report: BlackCat ransomware BlackCat BlackCat |
2023-06-10
⋅
The DFIR Report
⋅
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment BlackCat Cobalt Strike IcedID |
2023-06-01
⋅
Infinitum IT
⋅
BlackCat Ransomware Analysis Report (Paywall) BlackCat |
2023-05-30
⋅
IBM Security
⋅
BlackCat (ALPHV) ransomware levels up for stealth, speed and exfiltration BlackCat BlackCat |
2023-05-22
⋅
Trend Micro
⋅
BlackCat Ransomware Deploys New Signed Kernel Driver BlackCat |
2023-04-19
⋅
Bleeping Computer
⋅
March 2023 broke ransomware attack records with 459 incidents Clop WhiteRabbit BianLian Black Basta BlackCat LockBit MedusaLocker PLAY Royal Ransom |
2023-04-18
⋅
Mandiant
⋅
M-Trends 2023 QUIETEXIT AppleJeus Black Basta BlackCat CaddyWiper Cobalt Strike Dharma HermeticWiper Hive INDUSTROYER2 Ladon LockBit Meterpreter PartyTicket PlugX QakBot REvil Royal Ransom SystemBC WhisperGate |
2023-04-03
⋅
Mandiant
⋅
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access LaZagne BlackCat MimiKatz |
2023-03-30
⋅
United States District Court (Eastern District of New York)
⋅
Cracked Cobalt Strike (1:23-cv-02447) Black Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit Mount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader |
2023-03-21
⋅
Github (rivitna)
⋅
BlackCat v3 Decryptor Scripts BlackCat BlackCat |
2022-11-09
⋅
Netskope
⋅
BlackCat Ransomware: Tactics and Techniques From a Targeted Attack BlackCat ExMatter |
2022-10-25
⋅
Microsoft
⋅
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector BlackCat Mount Locker PortStarter Zeppelin Vanilla Tempest |
2022-10-10
⋅
RiskIQ
⋅
DEV-0832 Leverages Commodity Tools in Opportunistic Ransomware Campaigns BlackCat Mount Locker SystemBC Zeppelin |
2022-09-22
⋅
ComputerWeekly
⋅
ALPHV/BlackCat ransomware family becoming more dangerous BlackCat BlackCat FIN7 |
2022-09-22
⋅
Broadcom
⋅
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics BlackCat BlackMatter DarkSide |
2022-09-08
⋅
Sentinel LABS
⋅
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection AgendaCrypt Black Basta BlackCat PLAY |
2022-09-06
⋅
SecurityScorecard
⋅
TTPs Associated With a New Version of the BlackCat Ransomware BlackCat |
2022-08-22
⋅
Microsoft
⋅
Extortion Economics - Ransomware’s new business model BlackCat Conti Hive REvil AgendaCrypt Black Basta BlackCat Brute Ratel C4 Cobalt Strike Conti Hive Mount Locker Nokoyawa Ransomware REvil Ryuk |
2022-08-11
⋅
SecurityScorecard
⋅
The Increase in Ransomware Attacks on Local Governments BlackCat BlackCat Cobalt Strike LockBit |
2022-07-18
⋅
SecurityScorecard
⋅
A Deep Dive Into ALPHV/BlackCat Ransomware BlackCat |
2022-07-14
⋅
Sophos
⋅
BlackCat ransomware attacks not merely a byproduct of bad luck BlackCat BlackCat |
2022-06-29
⋅
Group-IB
⋅
Fat Cats - An analysis of the BlackCat ransomware affiliate program BlackCat BlackCat |
2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs Conti Hive BlackByte BlackCat Clop LockBit Mespinoza Ragnarok |
2022-06-23
⋅
Kaspersky
⋅
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form) BlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker |
2022-06-13
⋅
Microsoft
⋅
The many lives of BlackCat ransomware BlackCat |
2022-06-13
⋅
Microsoft
⋅
The many lives of BlackCat ransomware BlackCat Velvet Tempest |
2022-06-07
⋅
AdvIntel
⋅
BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive BlackCat BlackCat Cobalt Strike |
2022-06-01
⋅
Jorge Testa
⋅
Killing The Bear - Alphv BlackCat BlackCat |
2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 BlackCat Conti LockBit |
2022-05-23
⋅
Trend Micro
⋅
LockBit, Conti, and BlackCat Lead Pack Amid Rise in Active RaaS and Extortion Groups: Ransomware in Q1 2022 (PDF) BlackCat Conti LockBit |
2022-05-20
⋅
AdvIntel
⋅
DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape AvosLocker Black Basta BlackByte BlackCat Conti HelloKitty Hive |
2022-05-09
⋅
Microsoft Security
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself Griffon BazarBackdoor BlackCat BlackMatter Blister Gozi LockBit Pandora Rook SystemBC TrickBot |
2022-05-09
⋅
Microsoft
⋅
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself AnchorDNS BlackCat BlackMatter Conti DarkSide HelloKitty Hive LockBit REvil FAKEUPDATES Griffon ATOMSILO BazarBackdoor BlackCat BlackMatter Blister Cobalt Strike Conti DarkSide Emotet FiveHands Gozi HelloKitty Hive IcedID ISFB JSSLoader LockBit LockFile Maze NightSky Pandora Phobos Phoenix Locker PhotoLoader QakBot REvil Rook Ryuk SystemBC TrickBot WastedLocker BRONZE STARLIGHT |
2022-04-29
⋅
The Record
⋅
German wind farm operator confirms cybersecurity incident Black Basta BlackCat |
2022-04-27
⋅
⋅
ANSSI
⋅
LE GROUPE CYBERCRIMINEL FIN7 Bateleur BELLHOP Griffon SQLRat POWERSOURCE Andromeda BABYMETAL BlackCat BlackMatter BOOSTWRITE Carbanak Cobalt Strike DNSMessenger Dridex DRIFTPIN Gameover P2P MimiKatz Murofet Qadars Ranbyus SocksBot |
2022-04-19
⋅
FBI
⋅
FBI Flash CU-000167-MW: BlackCat/ALPHV Ransomware Indicators of Compromise BlackCat |
2022-04-18
⋅
AdvIntel
⋅
Enter KaraKurt: Data Extortion Arm of Prolific Ransomware Group AvosLocker BazarBackdoor BlackByte BlackCat Cobalt Strike HelloKitty Hive Karakurt |
2022-04-18
⋅
Trend Micro
⋅
An Investigation of the BlackCat Ransomware via Trend Micro Vision One BlackCat |
2022-04-08
⋅
The Hacker News
⋅
Researchers Connect BlackCat Ransomware with Past BlackMatter Malware Activity BlackCat BlackMatter BlackCat BlackMatter |
2022-04-07
⋅
Kaspersky
⋅
A Bad Luck BlackCat BlackCat |
2022-04-07
⋅
Kaspersky
⋅
A Bad Luck BlackCat BlackCat BlackCat |
2022-03-23
⋅
CrowdStrike
⋅
Falcon OverWatch Threat Hunting Contributes to Seamless Protection Against Novel BlackCat Attack BlackCat |
2022-03-17
⋅
Cisco
⋅
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate BlackCat BlackMatter BlackCat BlackMatter |
2022-03-16
⋅
Symantec
⋅
The Ransomware Threat Landscape: What to Expect in 2022 AvosLocker BlackCat BlackMatter Conti DarkSide DoppelPaymer Emotet Hive Karma Mespinoza Nemty Squirrelwaffle VegaLocker WastedLocker Yanluowang Zeppelin |
2022-03-01
⋅
Cybereason
⋅
Cybereason vs. BlackCat Ransomware BlackCat |
2022-02-08
⋅
Trellix
⋅
BlackCat Ransomware as a Service - The Cat is certainly out of the bag! BlackCat BlackCat |
2022-02-02
⋅
ZDNet
⋅
BlackCat ransomware implicated in attack on German oil companies BlackCat BlackCat |
2022-01-28
⋅
KrebsOnSecurity
⋅
Who Wrote the ALPHV/BlackCat Ransomware Strain? BlackCat BlackCat |
2022-01-27
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: BlackCat Ransomware BlackCat |
2022-01-26
⋅
Intrinsec
⋅
ALPHV ransomware gang analysis BlackCat BlackCat |
2022-01-26
⋅
Intrinsec
⋅
ALPHV ransomware gang analysis BlackCat LockBit |
2022-01-26
⋅
Varonis
⋅
ALPHV (BlackCat) Ransomware BlackCat |
2022-01-18
⋅
SentinelOne
⋅
BlackCat Ransomware | Highly-Configurable, Rust-Driven RaaS On The Prowl For Victims BlackCat |
2021-12-16
⋅
Symantec
⋅
Noberus: Technical Analysis Shows Sophistication of New Rust-based Ransomware BlackCat |
2021-12-10
⋅
Medium s2wlab
⋅
BlackCat: New Rust based ransomware borrowing BlackMatter’s configuration BlackCat BlackMatter |
2021-12-10
⋅
Dissecting Malware
⋅
BlackCatConf - Static Configuration Extractor for BlackCat Ransomware BlackCat |
2021-12-01
⋅
⋅
ID Ransomware
⋅
BlackCat Ransomware BlackCat |