Black Cat

Black Cat, also known as AlphV, is a threat actor recognized for its malicious cyber activities. The group has been responsible for several high-profile attacks, including one on Change Healthcare, a subsidiary of Optum and UnitedHealth Group (UHG), in late February. Following the attack, Black Cat reportedly shut down in March after receiving a $22 million extortion payment from Optum's Change Healthcare. The group also claimed responsibility for stealing over six terabytes of data, including sensitive medical records. The incident was part of a broader pattern of ransomware attacks by Black Cat, which often involved a double-extortion scheme where data was not only encrypted but also stolen and threatened to be leaked if a ransom wasn't paid. After significant takedowns like those involving LockBit or Black Cat, some operators transition to other threat groups, while others temporarily retreat. A variant known as LockBit Black, more modular and evasive than previous versions, shares similarities with Black Cat ransomware. This suggests that elements of Black Cat's modus operandi may persist in new threats. In April 2023, Darktrace's Cyber AI Analyst identified a Black Cat attack on a customer, demonstrating ongoing activity associated with this threat actor. In an attempt to validate their complaint to the Securities and Exchange Commission (SEC), Black Cat published a screenshot of the form they filled out on the SEC’s Tips, Complaints, and Referrals page. They also reportedly published the response received from the SEC, acknowledging the receipt of their complaint. However, shortly after these incidents, it appeared that Black Cat disbanded, leading to speculations of an exit scam following the substantial extortion payment from Change Healthcare. Despite this, the threat posed by Black Cat and similar actors remains significant due to the potential for individual operators to join other groups or start new initiatives.