Security news aggregator

Latest coverage for BlackCat

BlackCat is a ransomware family covered through reported incidents, technical analysis, disruption efforts, and defensive guidance for security teams.

19 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

BlackCat is a ransomware family known for its advanced encryption and modular design, enabling customization by operators. It targets enterprise environments by encrypting files and demanding cryptocurrency payments for decryption keys. BlackCat’s code supports multiple encryption algorithms and can adapt to different network architectures, increasing its effectiveness and evasion capabilities.

Security teams should monitor for signs of BlackCat’s multi-stage attacks, which often include credential compromise, lateral movement, and data exfiltration before encryption. Defenses that limit privilege escalation, enforce network segmentation, and detect unusual file access or encryption activity are critical. Understanding BlackCat’s tactics helps prioritize threat hunting and incident response efforts focused on preventing or mitigating ransomware impact in complex enterprise networks.

Volume over time

Weekly headline count for the current query.

Showing 19 most recent headlines Filtered view
Bank Info Security 2 months, 3 weeks ago

Breach Roundup: Myanmar Scam Compound Managers Charged

Also, Europol Cracks DDoS Networks, Mythos Finds Bugs, France Portal HitThis week, scam compounds. Attackers exploit flaws pre-disclosure. A crackdown on DDoS-for-hire. No Mythos for CISA, yes for Mozilla. France ID portal breach. Israeli and Venezuelan critical infrastructure targeted. Russian hacking in Ukraine. An Apache flaw. A ransomware negotiator aided BlackCat.

Bank Info Security 4 months, 4 weeks ago

Norton Healthcare to Pay $11M to Settle BlackCat Lawsuit

Cybercrime Gang Allegedly Stole 4.7 Terabytes of Data, Affecting 2.5MNorton Healthcare, which operates nine hospitals and other care facilities in Kentucky and Indiana, has agreed to pay $11 million to settle class action litigation stemming from a 2023 data theft attack by ransomware-as-a-service gang Alphv/BlackCat that affected nearly 2.5 million people.

2023 and 2024 Ransomware Breaches Affected More Than 2.5MMichigan-based McLaren Health Care has agreed to pay $14 million to settle consolidated class action litigation involving two ransomware attacks - allegedly by Alphv/BlackCat in 2023 and by Inc Ransom in 2024 - that affected about 2.5 million patients and employees.

Bank Info Security 6 months, 2 weeks ago

2 Cyber Pros Admit to Being BlackCat Ransomware Affiliates

Americans Extorted at Least 5 Firms, Earning $1 Million From a Medical Device MakerTwo American cybersecurity professionals who moonlighted as BlackCat ransomware gang affiliates pleaded guilty to using the crypto-locking malware to extort at least five victims in the United States, including a medical device maker that paid a cryptocurrency ransom worth over $1 million.

DOJ: Suspects Hit 5 Firms, Including 3 in Healthcare, Netted $1.3M in Ransom MoneyThree former employees of two cybersecurity firms stand accused of using BlackCat ransomware in a conspiracy to extort five U.S. companies, including three in the healthcare sector. One of the victim companies paid nearly $1.3 million to the attackers, U.S. federal prosecutors said.

Cryptocurrency Tracing Suggests Group Is Rebrand of Russian-Speaking BlackCat GroupEven lesser-known ransomware groups haul in serious extortion cash - although in the ransomware world, little is what it seems. Take relative newcomer Embargo, which appears to be a rebrand of, or successor to, the notorious BlackCat group, also known as Alphv.

Bank Info Security 1 year, 5 months ago

Still-Lucrative Ransomware's Profits Plunged 35% Last Year

Collapse of LockBit and BlackCat/ALPHV Tied to Ongoing Decline in Big-Game HuntingRansomware may still be raking in massive cryptocurrency profits for practitioners, but 2024 turned out to be less of a banner year than predicted, with blockchain researchers reporting that the sum total of known ransom payments to ransomware groups in 2024 plummeted by 35%.

Lehigh Valley Health Network Will Pay 134,000 Victims of Ransomware Attack and LeakA Pennsylvania-based healthcare system that was hacked by ransomware group BlackCat in 2023 and extorted over stolen exam photos of breast cancer patients posted to a data leak site has agreed to pay $65 million under a proposed settlement of a lawsuit affecting 134,000 patients and employees.

Bank Info Security 1 year, 10 months ago

RansomHub Hits Powered by Ex-Affiliates of LockBit, BlackCat

Feds Count Over 200 Known US Victims of Ransomware Group That Launched in FebruaryBeware a surge in attacks tied to a ransomware group called RansomHub that's recruited affiliates from down-or-out operations LockBit and BlackCat and successfully crypto-locked systems at more than 200 organizations nationwide, including critical infrastructure, the U.S. government warned.

Bank Info Security 2 years, 3 months ago

A Second Gang Shakes Down UnitedHealth Group for Ransom

RansomHub Claims It Has 4TBs of Data Stolen by BlackCat in Change Healthcare AttackA second cybercriminal gang - RansomHub - is trying to shake down Change Healthcare's parent company, UnitedHealth Group, and have it pay another ransom for data that an affiliate of ransomware-as-a-service group BlackCat claims to have stolen in February. Is this the latest ruse in a messy attack?

Bank Info Security 2 years, 3 months ago

UnitedHealth Admits Patient Data Was 'Taken' in Mega Attack

US Government Offers $10M Bounty to Track Down Leadership of BlackCat Crime GroupUnitedHealth Group has admitted data was "taken" in the cyberattack on Change Healthcare and has just started analyzing the types of personal, financial and health information potentially compromised. The U.S. is offering a $10 million bounty for BlackCat, which claims to have launched the attack.

Bank Info Security 2 years, 4 months ago

BlackCat Ransomware Group 'Seizure' Appears to Be Exit Scam

Affiliate Claims Administrators Kept All $22 Million Paid by Change HealthcareThe administrators of the BlackCat ransomware-as-a-service group claim law enforcement has shut down their operation. But experts and affiliates accuse the group's leadership of running an exit scam on the heels of a $22 million ransom payment by a recent victim - Optum's Change Healthcare unit.

Bank Info Security 2 years, 4 months ago

BlackCat Pounces on Health Sector After Federal Takedown

Feds Issue Alert as Change Healthcare Hack Affects Medicare, CVS Caremark, MetLifeBlackCat claimed on its dark web site that it is behind the biggest healthcare hack so far the year - exfiltrating 6 terabytes of "highly selective data" relating to "all" Change Healthcare clients, including Tricare, Medicare, CVS Caremark, MetLife and more.

Bank Info Security 2 years, 6 months ago

Fidelity National Financial Details LoanCare Breach

1.3 Million Customers Notified of Breach; BlackCat Ransomware Group Claimed CreditFinancial services giant Fidelity National Financial has confirmed that a November 2023 hack attack compromised personal information pertaining to 1.3 million customers of its LoanCare subsidiary. FNF took multiple systems offline when responding to the attack, disrupting some homebuyers.

Bank Info Security 2 years, 7 months ago

Kentucky Hospital Chain Notifying 2.5 Million of Data Theft

Alphv/BlackCat Claimed Responsibility for May AttackA Kentucky-based hospital chain is notifying millions of individuals that their information was potentially exfiltrated in a May attack. Russian-speaking ransomware-as-a-service group Alphv/BlackCat - which is currently reportedly undergoing its own disruptions - took credit for the data theft.

Bank Info Security 2 years, 7 months ago

Ransomware Group Offline: Have Police Seized Alphv/BlackCat?

Prolific Ransomware Operation Tied to Big Hits Claims 'Everything Will Work Soon'Cybercrime underground chatter suggests ransomware group BlackCat - aka Alphv - is being disrupted by law enforcement. Experts warn that disruptions too often remain short-lived, as operators reboot under different names and affiliates go independent or work with a bevy of rival services.

Ransomware Group Says MeridianLink Didn't Tell SEC About Cyberattack Within 4 DaysThe BlackCat ransomware group tattled to U.S. federal regulators about an alleged victim not disclosing a material cyberattack within four business days. The group, also known as Alphv, listed MeridianLink on its data leak site and threatened to leak stolen data.

Bank Info Security 2 years, 8 months ago

Alphv Gang Tattles to SEC About Victim Not Disclosing Breach

Ransomware Group Says MeridianLink Didn't Tell SEC About Cyberattack Within 4 DaysThe BlackCat ransomware group tattled to U.S. federal regulators about an alleged victim not disclosing a material cyberattack within four business days. The group, also known as Alphv, listed MeridianLink on its data leak site and threatened to leak stolen data.

Bank Info Security 2 years, 8 months ago

McLaren Health Care Hack Affected Millions; Lawsuits Pile Up

Michigan Healthcare Provider Faces 7 Federal Lawsuits in Alphv/BlackCat Data TheftMcLaren Health Care is notifying nearly 2.2 million people of a data breach weeks after ransomware group Alphv/BlackCat claimed to have stolen 6 terabytes of patient records in a recent attack. In the meantime, the number of lawsuits filed against McLaren related to the incident continues to climb.