BlackCat (cyber gang)

BlackCat/ALPHV
Formation	2021
Type	Hacking
Parent organization	FIN7, DarkSide (hacker group)

BlackCat, also known as ALPHV^[1] and Noberus,^[2] is a computer ransomware family written in Rust. It made its first appearance in November 2021. By extension, it is also the name of the threat actor(s) who exploited it.

BlackCat operates on a ransomware as a service (RaaS) model, with developers offering the malware for use by affiliates and taking a percentage of ransom payments. For initial access, the ransomware relies essentially on stolen credentials obtained through initial access brokers. The group operated a public data leak site to pressure victims to pay ransom demands.

The group targeted hundreds of organizations worldwide, including Reddit in 2023 and Change Healthcare in 2024.^[3] Since its first appearance it was one of the most active ransomware operations.^[4]

As of February 2024, the U.S. Department of State was offering rewards of up to US$10 million for leads that could identify or locate ALPHV/BlackCat ransomware gang leaders.^[5]

In March 2024, a representative for BlackCat said that the group was shutting down in the aftermath of the 2024 Change Healthcare ransomware attack.^[6] As of early 2025 it had apparently disappeared.^[7]

^ "FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware | CISA". www.cisa.gov. 2022-04-22. Retrieved 2023-07-14.
^ Ravie, Lakshmanan (2023-06-01). "Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics". The Hacker News. Retrieved 2023-07-25.
^ Lyons, Jessica. "Reddit confirms BlackCat ransomware gang stole its data". www.theregister.com. Retrieved 2024-03-03.
^ "BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration". Security Intelligence. Retrieved 2023-07-25.
^ Gatlan, Sergiu (15 February 2024). "US offers up to $15 million for tips on ALPHV ransomware gang". BleepingComputer.
^ "BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security". 2024-03-05. Retrieved 2024-05-21.
^ Milmo, Dan (5 February 2025). "Global ransomware payments plunge by a third amid crackdown". The Guardian.

[:1-1] "FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware | CISA". www.cisa.gov. 2022-04-22. Retrieved 2023-07-14.

[:2-2] Ravie, Lakshmanan (2023-06-01). "Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics". The Hacker News. Retrieved 2023-07-25.

[3] Lyons, Jessica. "Reddit confirms BlackCat ransomware gang stole its data". www.theregister.com. Retrieved 2024-03-03.

[4] "BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration". Security Intelligence. Retrieved 2023-07-25.

[gatlan-5] Gatlan, Sergiu (15 February 2024). "US offers up to $15 million for tips on ALPHV ransomware gang". BleepingComputer.

[:7-6] "BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security". 2024-03-05. Retrieved 2024-05-21.

[milmo-7] Milmo, Dan (5 February 2025). "Global ransomware payments plunge by a third amid crackdown". The Guardian.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

BlackCat (cyber gang)

From Wikipedia, the free encyclopedia · View on Wikipedia