Security news aggregator

Latest coverage for BlackCat

BlackCat is a ransomware family covered through reported incidents, technical analysis, disruption efforts, and defensive guidance for security teams.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

BlackCat is a ransomware family known for its advanced encryption and modular design, enabling customization by operators. It targets enterprise environments by encrypting files and demanding cryptocurrency payments for decryption keys. BlackCat’s code supports multiple encryption algorithms and can adapt to different network architectures, increasing its effectiveness and evasion capabilities.

Security teams should monitor for signs of BlackCat’s multi-stage attacks, which often include credential compromise, lateral movement, and data exfiltration before encryption. Defenses that limit privilege escalation, enforce network segmentation, and detect unusual file access or encryption activity are critical. Understanding BlackCat’s tactics helps prioritize threat hunting and incident response efforts focused on preventing or mitigating ransomware impact in complex enterprise networks.

Volume over time

Weekly headline count for the current query.

Showing 6 most recent headlines Filtered view
Trend Micro Research, News and Perspectives 2 years ago

Attackers in Profile: menuPass and ALPHV/BlackCat

To test the effectiveness of managed services like our Trend Micro managed detection and response offering, MITRE Engenuity™ combined the tools, techniques, and practices of two globally notorious bad actors: menuPass and ALPHV/BlackCat. This blog tells the story of why they were chosen and what makes them threats to be reckoned with.

Trend Micro Research, News and Perspectives 2 years, 1 month ago

Not Just Another 100% Score: MITRE ENGENIUTY ATT&CK

The latest MITRE Engenuity ATT&CK Evaluations pitted leading managed detection and response (MDR) services against threats modeled on the menuPass and BlackCat/AlphV adversary groups. Trend Micro achieved 100% detection across all 15 major attack steps with an 86% actionable rate for those steps— balancing detections and business priorities including operational continuity and minimized disruption.

We found that malicious actors used malvertising to distribute malware via cloned webpages of legitimate organizations. The distribution involved a webpage of the well-known application WinSCP, an open-source Windows application for file transfer. We were able to identify that this activity led to a BlackCat (aka ALPHV) infection, and actors also used SpyBoy, a terminator that tampers with protection provided by agents.

Trend Micro Research, News and Perspectives 4 years, 3 months ago

An Investigation of the BlackCat Ransomware via Trend Micro Vision One

We recently investigated a case related to the BlackCat ransomware group using the Trend Micro Vision One™ platform, which comes with extended detection and response (XDR) capabilities. BlackCat (aka AlphaVM or AlphaV) is a ransomware family created in the Rust programming language and operated under a ransomware-as-a-service (RaaS) model.