Alphv Ransomware Group

Threat Actor updated 6 days ago (2024-09-08T01:17:40.879Z)
The ALPHV ransomware group, also known as BlackCat, is a significant cybersecurity threat that has been involved in several high-profile attacks. This threat actor, believed to be linked to Russian organized crime, has claimed responsibility for various cyberattacks, including the MGM Resorts breach, where they exploited LinkedIn to identify and target an employee. The group also publicized their attack on QSI Banking, which took place on October 14, 2023. Furthermore, in March 2023, the group allegedly orchestrated a data breach against Ring.

In 2024, the group launched a concentrated campaign against the healthcare sector. They claimed responsibility for a series of attacks, one of which was on Change Healthcare, a crucial financial and claims processing link in the US healthcare services industry. The attack, conducted by an affiliate of the ALPHV group on February 21, 2024, led to substantial disruptions in healthcare payments. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) subsequently issued warnings about the threat posed by the ALPHV ransomware group to the healthcare industry.

The emergence of Cicada3301, a ransomware group first detected in June 2024, has raised further concerns. This new group appears to be either a rebranding or derivative of the ALPHV ransomware group, utilizing a ransomware-as-a-service (RaaS) model. Similarly, there is uncertainty surrounding RansomHub's relationship with the ALPHV group, with some speculating it could be a rebrand, an affiliate migration, or an intimidation scam aimed at Change Healthcare.

These developments highlight the evolving nature of the threat landscape and underscore the need for continued vigilance and robust cybersecurity measures.
Description last updated: 2024-09-08T01:15:32.420Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
MGM
Healthcare
Ransom
RaaS
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Conti | Unspecified | 2 | Conti is a notorious malware and ransomware operation that has caused significant damage to computer systems worldwide. The Conti group, believed to have around 200 employees, operated like a regular business, with internal communications revealing the organization's structure and operations. It was |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Alphv | Unspecified | 7 | Alphv, a notable threat actor in the cybersecurity landscape, has been identified as the perpetrator behind several high-profile ransomware attacks. The group, also known as BlackCat, has demonstrated significant capabilities and adaptability, evolving from a standalone entity to a ransomware-as-a-s |
Source Document References
Information about the Alphv Ransomware Group Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source Link | Created At | Title |
|---|---|---|
| Contagio | 6 days ago | 2024-08-30 Cicada ESXi Ransomware Sample |
| Malwarebytes | 5 months ago | New ransomware group demands Change Healthcare ransom \| Malwarebytes |
| Malwarebytes | 5 months ago | New ransomware group demands Change Healthcare ransom \| Malwarebytes |
| InfoSecurity-magazine | 5 months ago | Change Healthcare Hit By Cyber Extortion Again |
| CERT-EU | 6 months ago | Change Healthcare Detects Ransomware Attack Vector |
| CERT-EU | 6 months ago | What we know about hacker ransom possibly paid by United Health \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
| CERT-EU | 7 months ago | ALPHV is singling out healthcare sector, say FBI and CISA \| Malwarebytes |
| CERT-EU | 8 months ago | The Dark Side Of Cybersecurity \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 9 months ago | The Worst Hacks of 2023 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | 9 months ago | Cyberattack On Ultra Intelligence And Communications \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 9 months ago | Ohio Lottery forced to disconnect ‘key’ systems after cyberattack \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 9 months ago | AlphV/BlackCat allegedly calls for ransomware gang ‘cartel’ to stand up to police \| IT World Canada News |
| CERT-EU | 9 months ago | ALPHV/BlackCat ransomware operation disrupted, but criminals threaten more attacks |
| CERT-EU | 9 months ago | ALPHV ransomware dark website seized by FBI \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| Securityaffairs | 9 months ago | FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it |
| CERT-EU | 9 months ago | HTC Global Services confirms cyberattack; Data leak sparks concern |
| CERT-EU | 9 months ago | Payments processor Tipalti investigating ransomware attack |
| CERT-EU | 9 months ago | What it means — CitrixBleed ransom group woes grow as over 60 credit unions, hospitals… |
| CERT-EU | a year ago | Indian healthcare system needs robust cybersecurity infra. Here’s what experts say \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting |
| CERT-EU | a year ago | Identity and access management (IAM): 10 important ways to avoid vulnerability |