Blackcat Ransomware Group

Malware updated 4 days ago (2024-11-29T14:26:20.267Z)
The BlackCat ransomware group, also known as Black Cat, has been active since November 2021. Operating as a Ransomware-as-a-Service entity, it has targeted the computer networks of over 1,000 victims worldwide, with FBI Miami leading the investigation into its activities. The group is notorious for using malware to exploit and damage computer systems, typically gaining entry through suspicious downloads, emails, or websites. It holds data hostage for ransom and has also run a malvertising campaign to push Cobalt Strike, further extending its reach.

In one notable incident, Change Healthcare, owned by UnitedHealth Group, paid a ransom of $22 million to BlackCat following an attack. Despite the payment, the threat actor proceeded to leak sensitive health information on millions of Americans on the Dark Web. The instance was particularly significant because UnitedHealth Group publicly acknowledged that it had paid only one ransom in the entire incident. The group claimed to have custody of 4 terabytes of data stolen in this hack by an affiliate of another ransomware group, BlackCat.

In a significant blow to BlackCat, the FBI seized the group's servers, which hosted decryption keys, as part of an international disruption effort. Following the seizure, the FBI created a decryption tool that enabled 500 ransomware victims worldwide to restore their systems. The group appeared to shut down in March after receiving the $22 million extortion payment from Optum's Change Healthcare medical billing middleman unit, but the aftermath of its attacks continues to affect victims.
Description last updated: 2024-10-29T20:12:44.328Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so the following are possible overlapping names and profiles that may also be worth reviewing.
Alias | Description | Votes
Alphv | Alphv is a possible alias for Blackcat Ransomware Group. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p | 8
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Healthcare
Ransom
Extortion
Reddit
FBI
Associated Threat Actors
Alias | Description | Association Type | Votes
Noberus | The Noberus Threat Actor is associated with Blackcat Ransomware Group. Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating fr | Unspecified | 3
Source Document References
Information about the Blackcat Ransomware Group malware was read from the document corpus below. This display is limited to 20 results.
Source | Created
Checkpoint | a month ago
DARKReading | 3 months ago
BankInfoSecurity | 3 months ago
BankInfoSecurity | 3 months ago
CERT-EU | a year ago
BankInfoSecurity | 5 months ago
InfoSecurity-magazine | 6 months ago
InfoSecurity-magazine | 7 months ago
InfoSecurity-magazine | 7 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
InfoSecurity-magazine | 8 months ago