Blackcat Ransomware Group

Malware profile updated a day ago (2024-09-06T22:17:42.296Z)
The BlackCat ransomware group, also tracked as ALPHV (and as Noberus by some vendors), is a Ransomware-as-a-Service (RaaS) operation that has been active since November 2021. The group and its affiliates have claimed more than 1,000 victims worldwide. In one widely reported incident in September 2023, the group claimed to have encrypted more than 100 ESXi hypervisors inside MGM Resorts after the company took its own internal infrastructure offline in response to the intrusion. The group also ran a malvertising campaign that used fake WinSCP advertisements to deliver Cobalt Strike, a common initial-access step for its affiliates.

In February 2024, Change Healthcare, owned by UnitedHealth Group, paid a $22 million ransom to BlackCat following an attack. Despite the payment, sensitive health information on millions of Americans was nonetheless leaked on the Dark Web, demonstrating that a paid ransom does not guarantee that stolen data is destroyed. A later claim surfaced that roughly 4 terabytes of data taken in that intrusion by the responsible affiliate had passed into the custody of another ransomware group.

Law enforcement has actively pursued the group. In December 2023 the FBI, with its Miami field office leading the investigation, seized the group's servers, which hosted decryption keys. As part of an international disruption effort, the FBI released a decryption tool that enabled approximately 500 victims worldwide to restore their systems. The group briefly resumed operations, then appeared to shut down in March 2024 shortly after the $22 million Change Healthcare payment, prompting widespread speculation that the operators pulled an exit scam and kept the affiliate's share.
Description last updated: 2024-09-06T22:15:30.855Z
Possible Aliases / Cluster overlaps
Tracking cluster overlaps and naming conventions between vendors is difficult, so the following overlapping names and profiles may also be worth reviewing.

ID: Alphv | Votes: 7
Profile: Alphv is a threat actor group known for its malicious activities in the cyber world. They have been particularly active in deploying ransomware attacks, with one of their most significant actions being the theft of 5TB of data from Morrison Community Hospital. This act not only disrupted hospital op
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Healthcare
Ransom
Extortion
Reddit
FBI
Associated Threat Actors
ID: Noberus | Type: Unspecified | Votes: 3
Profile: Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating fr
Source Document References
Information about the Blackcat Ransomware Group malware was read from the documents corpus below (display limited to 20 results).

Source (created) : Title
DARKReading (a day ago) : CISA Flags ICS Bugs in Baxter, Mitsubishi Products
BankInfoSecurity (9 days ago) : Florida Department of Health Informs RansomHub Hack Victims
BankInfoSecurity (19 days ago) : Florida-Based Drug Testing Lab Says 300,000 Affected in Hack
CERT-EU (9 months ago) : Law Enforcement Disrupts BlackCat Ransomware Operation
BankInfoSecurity (2 months ago) : Millions Affected by Prudential Ransomware Hack in February
InfoSecurity-magazine (4 months ago) : US Unveils $50M Program to Help Hospitals Patch Cybersecurity Gaps
InfoSecurity-magazine (4 months ago) : Patient Data at Risk in MediSecure Ransomware Attack
InfoSecurity-magazine (4 months ago) : Ascension Ransomware Attack Diverts Ambulances, Delays Appointments
CERT-EU (a year ago) : BlackCat Ransomware Gang to Launch Malicious WinSCP Ads
CERT-EU (a year ago) : MGM casino's ESXi servers allegedly encrypted in ransomware attack
CERT-EU (a year ago) : ALPHV ransomware group claims ITM solutions provider QSI as victim
CERT-EU (a year ago) : QSI Banking Cyberattack: BlackCat Claims 5TB SQL Data Theft
CERT-EU (a year ago) : Japanese watchmaker Seiko breached by BlackCat ransomware gang
CERT-EU (a year ago) : Lawsuit against MGM and Caesars Entertainment Ransomware Attack - Cybersecurity Insiders
CERT-EU (10 months ago) : Phobos Ransomware Is Now Deployed by the 8Base Group
CERT-EU (10 months ago) : In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach
CERT-EU (10 months ago) : Cybercrims leak patient pics in low blow bid to win ransom
CERT-EU (a year ago) : Massive security breach leads to $20 million theft from Revolut's payment systems
InfoSecurity-magazine (5 months ago) : NHS Trust Confirms Clinical Data Leaked by Recognized Ransomware Group
BankInfoSecurity (5 months ago) : Hospitals Lobby Feds to Clarify Breach Duties in UHG Attack