Blackcat Ransomware Group

Malware updated 4 days ago (2024-10-29T20:12:44.351Z)
Download STIX
Preview STIX
The BlackCat ransomware group, also known as Black Cat, has been active since November 2021. As a Ransomware-as-a-Service entity, it has targeted the computer networks of over 1,000 victims worldwide, with the FBI Miami leading the investigation into their activities. The group is notorious for its use of malware to exploit and damage computer systems, often infiltrating through suspicious downloads, emails, or websites. It holds data hostage for ransom and has even launched a malvertising campaign to push Cobalt Strike, further expanding its malicious reach. In one notable incident, Change Healthcare, owned by UnitedHealth Group, paid a substantial ransom of $22 million to the BlackCat group following an attack. However, despite the payment, the threat actor proceeded to leak sensitive health information on millions of Americans on the Dark Web. This instance was particularly significant as UnitedHealth Group publicly acknowledged that it had only paid one ransom in the entire incident. The group claimed to have custody of 4 terabytes of data stolen by an affiliate of another ransomware group - BlackCat - in this hack. In a significant blow to the BlackCat ransomware group, the FBI managed to seize the group's servers, which hosted decryption keys. This seizure was part of an international disruption effort against the infamous group. Following the seizure, the FBI created a decryption tool that enabled 500 ransomware victims worldwide to restore their systems. Interestingly, the group seemed to shut down in March after receiving the $22 million extortion payment from Optum's Change Healthcare medical billing middleman unit. However, despite the shutdown, the aftermath of their attacks continues to affect victims.
Description last updated: 2024-10-29T20:12:44.328Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Alphv is a possible alias for Blackcat Ransomware Group. Alphv, a threat actor also known as BlackCat, has been identified as a significant player in the cybercrime landscape. The group is responsible for numerous high-profile ransomware attacks, including a major breach of the Morrison Community Hospital, where they pilfered 5TB of data. Additionally, Al
8
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Healthcare
Ransom
Extortion
Reddit
Fbi
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Noberus Threat Actor is associated with Blackcat Ransomware Group. Noberus, also known as ALPHV or BlackCat, is a significant threat actor in the cybersecurity landscape. The group, which primarily operates a ransomware-as-a-service (RaaS) model, was the second most active ransomware group in April 2023, responsible for 14% of total observed victims. Originating frUnspecified
3
Source Document References
Information about the Blackcat Ransomware Group Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Checkpoint
4 days ago
DARKReading
2 months ago
BankInfoSecurity
2 months ago
BankInfoSecurity
2 months ago
CERT-EU
10 months ago
BankInfoSecurity
4 months ago
InfoSecurity-magazine
5 months ago
InfoSecurity-magazine
6 months ago
InfoSecurity-magazine
6 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
7 months ago