ALPHV, BlackCat Gang

Description

(Palo Alto) BlackCat (aka ALPHV) is a ransomware family that surfaced in mid-November 2021 and quickly gained notoriety for its sophistication and innovation. Operating a ransomware-as-a-service (RaaS) business model, BlackCat was observed soliciting for affiliates in known cybercrime forums, offering to allow affiliates to leverage the ransomware and keep 80-90% of the ransom payment. The remainder would be paid to the BlackCat author.

The threat actors leveraging BlackCat, often referred to as the ‘BlackCat gang,’ utilize numerous tactics that are becoming increasingly commonplace in the ransomware space. Notably, they use multiple extortion techniques in some cases, including the siphoning of victim data before ransomware deployment, threats to release data if the ransom is not paid and distributed denial-of-service (DDoS) attacks.

Known affiliates are:

  1. Subgroup: Scattered Spider

Names

Name                 Name-Giver
ALPHV                self given
ALPHVM               self given
BlackCat Gang        ?
UNC4466              Mandiant
Ambitious Scorpius   Palo Alto

Country

Motivation

  • Financial gain

First Seen

2021

Observed Countries

Tools

Operations

Counter Operations

Information

Other Information

Uuid

2670c199-9e61-49ea-b587-467cff960c5c

Last Card Change

2025-06-27