BlackCat

Threat Actor updated 7 months ago (2024-05-04T19:48:25.859Z)

Download STIX

Preview STIX

BlackCat, also known as Alphv, is a Russian-based ransomware-as-a-service group that has recently targeted organizations in the healthcare and academic sectors. Lehigh Valley Health Network (LVHN), which operates 13 hospitals and numerous physician practices and clinics in eastern Pennsylvania, reported being hit with an attack by BlackCat. NextGen Health and PharmaCare Services were among the alleged recent victims listed on BlackCat's leak data site. BlackCat's tooling is constantly changing as they cycle through testing/usage, updating their arsenal frequently. The group demanded a ransom payment from LVHN, but the organization refused to pay. BlackCat has threatened to publish stolen data from Reddit servers if their demands are not met. The group claims to have successfully breached Reddit servers on February 5, 2023, and exfiltrated a total of 80GB of zipped data. In response to BlackCat's demands, Reddit withdrew its API pricing changes, while refusing to pay the $4.5 million ransom demanded by the group. BlackCat's current tactics seem to involve making the most of the current media attention on Reddit and using it to their advantage.

Description last updated: 2023-06-27T10:24:44.723Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Alphv is a possible alias for BlackCat. Alphv, also known as BlackCat, is a notable threat actor in the cybersecurity landscape. Originating from Russia, this cybercriminal group has been involved in multiple high-profile ransomware attacks, specifically targeting healthcare providers. They gained significant attention after stealing 5TB	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Extortion

Ransom

Windows

Encryption

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the BlackCat Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	a year ago	Hacked Reddit Data To Be Published Unless API Changes Dropped, Hackers Say \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Hackers threaten to leak stolen Reddit data if company doesn't pay $4.5 million and change controversial pricing policy \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	2 years ago	Patient data stolen ahead of CentraState cyberattack, impacting 617K \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
CERT-EU	a year ago	Hackers Threaten To Leak 80GB of Confidential Data Stolen From Reddit - Slashdot
CERT-EU	a year ago	BlackCat claims attack, criticises API price hike \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	a year ago	BlackCat ransomware gang demands $4.5M, API changes for 80GB leaked Reddit data \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	a year ago	Hackers demand $4.5 million and API price reversal from Reddit \| Engadget
CERT-EU	a year ago	Reddit Files: BlackCat/ALPHV ransomware gang claims to have stolen 80GB of data from Reddit \| IT Security News
SecurityIntelligence.com	a year ago	BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration
CERT-EU	a year ago	BlackCat Ransomware affiliate uses signed kernel driver to evade detection \| IT Security News
CERT-EU	2 years ago	LVHN reports cyberattack by Russian ransomware gang \| Lehigh Valley Regional News \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
CERT-EU	2 years ago	LVHN reports cyberattack from suspected Russian ransomware group \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
BankInfoSecurity	2 years ago	Pennsylvania Health System CEO Confirms BlackCat Attack
Malwarebytes	2 years ago	Lehigh Valley Health Network targeted by BlackCat ransomware
BankInfoSecurity	2 years ago	BlackCat Leaking Patient Data and Photos Stolen in Attack
Securityaffairs	2 years ago	NCR was the victim of BlackCat/ALPHV ransomware gang
CERT-EU	2 years ago	BlackCat Ransomware group breaches Australia HWL Ebsworth law firm servers - Cybersecurity Insiders
CSO Online	2 years ago	BlackCat group releases screenshots of stolen Western Digital data
DARKReading	2 years ago	1M NextGen Patient Records Compromised in Data Breach
CERT-EU	a year ago	BlackCat Ransomware Deploys New Signed Kernel Driver \| IT Security News