BlackCat
High Confidence
High Threat
ALPHV • Noberus • UNC4466
BlackCat, also known as ALPHV and Noberus, is a sophisticated ransomware-as-a-service (RaaS) operation that emerged in November 2021. The group is believed to be composed of former members of the DarkSide and BlackMatter ransomware gangs, and it is considered by some to be a direct successor to these now-defunct operations. BlackCat's ransomware is notable for being written in the Rust programming language, which allows for greater customization and improved performance across a variety of operating systems. The group operates on a RaaS model, providing its ransomware to affiliates in exchange for a share of the profits. BlackCat is known for its aggressive tactics, which include double and triple extortion techniques. In addition to encrypting victim data, the group exfiltrates sensitive information and threatens to publish it on its data leak site. It has also been observed launching distributed denial-of-service (DDoS) attacks against its victims to further pressure them into paying the ransom. The U.S. Department of State has offered a reward of up to $10 million for information leading to the identification or location of the group's leaders. In March 2024, following a major attack on Change Healthcare, a subsidiary of UnitedHealth Group, BlackCat's infrastructure was disrupted by law enforcement. The group subsequently announced that it was shutting down its ...
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: High.
Future Outlook
BlackCat is expected to continue operations targeting Healthcare sectors.
First observed activity of BlackCat
Continued active operations