Alphv Ransomware Group

Threat Actor Profile Updated 3 months ago
The ALPHV ransomware group, also known as BlackCat, is a threat actor that has been responsible for a series of high-profile cyberattacks on various sectors. The group, which is believed to be connected to Russian organized crime, first gained notoriety when it claimed responsibility for the MGM Resorts cyberattack in September 2023. The group compromised MGM Resorts by simply locating an employee on LinkedIn and then contacting the Help Desk. In October of the same year, they were involved in the QSI Banking ransomware attack, demonstrating their wide-ranging capabilities and targets.

In early 2024, ALPHV initiated a deliberate campaign against the healthcare sector. One of their most notable victims was Change Healthcare, a crucial financial and claims processing link in the US healthcare services industry. The attack occurred on February 21, 2024, leading to significant disruptions in healthcare payments. The group's actions have caused major disturbances to critical systems, underscoring their threat level.

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have issued warnings about the dangers posed by the ALPHV ransomware group. Despite these alerts, the group's activities continue unabated, with some uncertainty around whether they are transitioning or rebranding to the RansomHub ransomware group. This ongoing threat underlines the need for robust cybersecurity measures across all sectors, particularly those providing essential services.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| ID | Votes | Profile Description |
|---|---|---|
| Ransomhub | 1 | RansomHub, a threat actor known for executing actions with malicious intent, has recently been linked to several high-profile cyber-attacks. The group is recognized for its ransomware attacks, which have resulted in significant data breaches at multiple companies. Christie, a prominent organization, |
| Black Cat | 1 | Black Cat, also known as AlphV, is a prominent threat actor known for its malicious activities in the cybersecurity landscape. The group gained significant attention when it launched an attack on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. This ransomware |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Healthcare
MGM
Ransom
Twitter
Scam
University
Hospital
Banking
Malware
Extortion
Azure
RaaS
Cybercrime
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Conti | Unspecified | 2 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in |
| Cactus | Unspecified | 1 | Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c |
| Clop | Unspecified | 1 | Clop is a notorious malware, short for malicious software, known for its disruptive and damaging effects on computer systems. It primarily infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Clop can steal personal information, disrupt o |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Alphv | Unspecified | 6 | AlphV, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. This group has been involved in numerous high-profile attacks, including stealing 5TB of data from Morrison Community Hospital and compromising Clarion, a global manufacturer of audio and video equipment for car |
| Scattered Spider | Unspecified | 1 | Scattered Spider is a prominent threat actor group involved in cybercrime activities with malicious intent. The group employs various tactics to compromise its targets, including phishing for login credentials, searching SharePoint repositories for sensitive information, and exploiting infrastructur |
| Clop Gang | Unspecified | 1 | The Clop Gang, a threat actor with malicious intent, has been responsible for significant cybercrimes. This group, like others in the cybersecurity landscape, is known for its harmful actions against various targets. The Clop Gang's activities underscore the need for robust and effective cybersecuri |
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Alphv Ransomware Group Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| Malwarebytes | 3 months ago | New ransomware group demands Change Healthcare ransom \| Malwarebytes |
| Malwarebytes | 4 months ago | New ransomware group demands Change Healthcare ransom \| Malwarebytes |
| InfoSecurity-magazine | 4 months ago | Change Healthcare Hit By Cyber Extortion Again |
| CERT-EU | 4 months ago | Change Healthcare Detects Ransomware Attack Vector |
| CERT-EU | 5 months ago | What we know about hacker ransom possibly paid by United Health \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | ALPHV is singling out healthcare sector, say FBI and CISA \| Malwarebytes |
| CERT-EU | 6 months ago | The Dark Side Of Cybersecurity \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | The Worst Hacks of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | Cyberattack On Ultra Intelligence And Communications \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | Ohio Lottery forced to disconnect ‘key’ systems after cyberattack \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police \| IT World Canada News |
| CERT-EU | 7 months ago | ALPHV/BlackCat ransomware operation disrupted, but criminals threaten more attacks |
| CERT-EU | 7 months ago | ALPHV ransomware dark website seized by FBI \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| Securityaffairs | 7 months ago | FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it |
| CERT-EU | 8 months ago | HTC Global Services confirms cyberattack; Data leak sparks concern |
| CERT-EU | 8 months ago | Payments processor Tipalti investigating ransomware attack |
| CERT-EU | 8 months ago | What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals… |
| CERT-EU | a year ago | Indian healthcare system needs robust cybersecurity infra. Here’s what experts say \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting |
| CERT-EU | 9 months ago | Identity and access management (IAM): 10 important ways to avoid vulnerability |
| CERT-EU | 8 months ago | Double blow - A ransomware group reports its victims to the US authorities – Global Security Mag Online |