Alphv Ransomware Group

Threat Actor updated a month ago (2024-09-08T01:17:40.879Z)

Download STIX

Preview STIX

The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breach, where they exploited LinkedIn to identify and target an employee. The group also publicized their attack on QSI Banking, which took place on October 14, 2023. Furthermore, in March 2023, the group allegedly orchestrated a data breach against Ring. In 2024, the group launched a concentrated campaign against the healthcare sector. They claimed responsibility for a series of attacks, one of which was on Change Healthcare, a crucial financial and claims processing link in the US healthcare services industry. The attack, conducted by an affiliate of the ALPHV group on February 21, 2024, led to substantial disruptions in healthcare payments. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) subsequently issued warnings about the threat posed by the ALPHV ransomware group to the healthcare industry. The emergence of Cicada3301, a ransomware group first detected in June 2024, has raised further concerns. This new group appears to be either a rebranding or derivative of the ALPHV ransomware group, utilizing a ransomware-as-a-service (RaaS) model. Similarly, there is uncertainty surrounding RansomHub's relationship with the ALPHV group, with some speculating it could be a rebrand, an affiliate migration, or an intimidation scam aimed at Change Healthcare. These developments highlight the evolving nature of the threat landscape and underscore the need for continued vigilance and robust cybersecurity measures.

Description last updated: 2024-09-08T01:15:32.420Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

MGM

Healthcare

Ransom

RaaS

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Conti Malware is associated with Alphv Ransomware Group. Conti is a notorious type of malware, specifically ransomware, that infiltrates computer systems to steal data and disrupt operations. The malicious software often spreads through suspicious downloads, emails, or websites, and once inside, it can hold data hostage for ransom. The Conti ransomware op	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Alphv Threat Actor is associated with Alphv Ransomware Group. AlphV, also known as BlackCat, is a notorious threat actor that has been active since November 2021. This group pioneered the public leaks business model and has been associated with various ransomware families, including Akira, LockBit, Play, and Basta. AlphV gained significant attention for its la	Unspecified	7

Source Document References

Information about the Alphv Ransomware Group Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Contagio	a month ago	2024-08-30 Cicada ESXi Ransomware Sample
Malwarebytes	6 months ago	New ransomware group demands Change Healthcare ransom \| Malwarebytes
Malwarebytes	6 months ago	New ransomware group demands Change Healthcare ransom \| Malwarebytes
InfoSecurity-magazine	6 months ago	Change Healthcare Hit By Cyber Extortion Again
CERT-EU	7 months ago	Change Healthcare Detects Ransomware Attack Vector
CERT-EU	7 months ago	What we know about hacker ransom possibly paid by United Health \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	8 months ago	ALPHV is singling out healthcare sector, say FBI and CISA \| Malwarebytes
CERT-EU	9 months ago	The Dark Side Of Cybersecurity \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	10 months ago	The Worst Hacks of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	10 months ago	Cyberattack On Ultra Intelligence And Communications \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	10 months ago	Ohio Lottery forced to disconnect ‘key’ systems after cyberattack \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	10 months ago	AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police \| IT World Canada News
CERT-EU	10 months ago	ALPHV/BlackCat ransomware operation disrupted, but criminals threaten more attacks
CERT-EU	10 months ago	ALPHV ransomware dark website seized by FBI \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Securityaffairs	10 months ago	FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it
CERT-EU	10 months ago	HTC Global Services confirms cyberattack; Data leak sparks concern
CERT-EU	10 months ago	Payments processor Tipalti investigating ransomware attack
CERT-EU	10 months ago	What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals…
CERT-EU	a year ago	Indian healthcare system needs robust cybersecurity infra. Here’s what experts say \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting
CERT-EU	a year ago	Identity and access management (IAM): 10 important ways to avoid vulnerability