Alphv Ransomware Group

Threat Actor updated 22 days ago (2024-11-29T13:59:21.714Z)

Download STIX

Preview STIX

The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breach, where they exploited LinkedIn to identify and target an employee. The group also publicized their attack on QSI Banking, which took place on October 14, 2023. Furthermore, in March 2023, the group allegedly orchestrated a data breach against Ring. In 2024, the group launched a concentrated campaign against the healthcare sector. They claimed responsibility for a series of attacks, one of which was on Change Healthcare, a crucial financial and claims processing link in the US healthcare services industry. The attack, conducted by an affiliate of the ALPHV group on February 21, 2024, led to substantial disruptions in healthcare payments. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) subsequently issued warnings about the threat posed by the ALPHV ransomware group to the healthcare industry. The emergence of Cicada3301, a ransomware group first detected in June 2024, has raised further concerns. This new group appears to be either a rebranding or derivative of the ALPHV ransomware group, utilizing a ransomware-as-a-service (RaaS) model. Similarly, there is uncertainty surrounding RansomHub's relationship with the ALPHV group, with some speculating it could be a rebrand, an affiliate migration, or an intimidation scam aimed at Change Healthcare. These developments highlight the evolving nature of the threat landscape and underscore the need for continued vigilance and robust cybersecurity measures.

Description last updated: 2024-09-08T01:15:32.420Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

MGM

Healthcare

Ransom

RaaS

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Conti Malware is associated with Alphv Ransomware Group. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal persona	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Alphv Threat Actor is associated with Alphv Ransomware Group. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p	Unspecified	7

Source Document References

Information about the Alphv Ransomware Group Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Contagio	3 months ago	2024-08-30 Cicada ESXi Ransomware Sample
Malwarebytes	8 months ago	New ransomware group demands Change Healthcare ransom \| Malwarebytes
Malwarebytes	8 months ago	New ransomware group demands Change Healthcare ransom \| Malwarebytes
InfoSecurity-magazine	8 months ago	Change Healthcare Hit By Cyber Extortion Again
CERT-EU	9 months ago	Change Healthcare Detects Ransomware Attack Vector
CERT-EU	10 months ago	What we know about hacker ransom possibly paid by United Health \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	10 months ago	ALPHV is singling out healthcare sector, say FBI and CISA \| Malwarebytes
CERT-EU	a year ago	The Dark Side Of Cybersecurity \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	The Worst Hacks of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Cyberattack On Ultra Intelligence And Communications \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	Ohio Lottery forced to disconnect ‘key’ systems after cyberattack \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police \| IT World Canada News
CERT-EU	a year ago	ALPHV/BlackCat ransomware operation disrupted, but criminals threaten more attacks
CERT-EU	a year ago	ALPHV ransomware dark website seized by FBI \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Securityaffairs	a year ago	FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
CERT-EU	a year ago	HTC Global Services confirms cyberattack; Data leak sparks concern
CERT-EU	a year ago	Payments processor Tipalti investigating ransomware attack
CERT-EU	a year ago	What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals…
CERT-EU	2 years ago	Indian healthcare system needs robust cybersecurity infra. Here’s what experts say \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
CERT-EU	a year ago	Identity and access management (IAM): 10 important ways to avoid vulnerability