Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.
BlackCat is a ransomware family covered through reported incidents, technical analysis, disruption efforts, and defensive guidance for security teams.
Search across headline titles and summaries.
Background for this topic.
BlackCat is a ransomware family known for its advanced encryption and modular design, enabling customization by operators. It targets enterprise environments by encrypting files and demanding cryptocurrency payments for decryption keys. BlackCat’s code supports multiple encryption algorithms and can adapt to different network architectures, increasing its effectiveness and evasion capabilities.
Security teams should monitor for signs of BlackCat’s multi-stage attacks, which often include credential compromise, lateral movement, and data exfiltration before encryption. Defenses that limit privilege escalation, enforce network segmentation, and detect unusual file access or encryption activity are critical. Understanding BlackCat’s tactics helps prioritize threat hunting and incident response efforts focused on preventing or mitigating ransomware impact in complex enterprise networks.
Weekly headline count for the current query.
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.
Two US citizens pleaded guilty to working as ALPHV/BlackCat ransomware affiliates in 2023, and both were previously employed by prominent security firms.
Malware authors have iterated on one of the premier encryptors on the market, building something even bigger and better.
RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.
Feds are offering cash for information to help them crack down on the ransomware-as-a-service group's cyberattacks against US critical infrastructure.
Law enforcement action hasn't eradicated ransomware groups, but it has shaken up the cyber underground and sown distrust among thieves.
Source code fire sale, stiffing affiliates — are BlackCat admins intentionally burning their RaaS business to the ground? Experts say something's up.
MacOS data exfiltration malware poses as an update for Visual Studio code editor.
Ransomware group tries to claw back operations following FBI disruption, and lifts a previous ban on attacks against critical infrastructure in retaliation.
Dark Web chatter indicates that Scattered Spider worked with the FBI to take down the BlackCat/ALPHV operation.
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
Threat intel sources confirm the ransomware group's site has been shuttered by law enforcement.
BlackCat/ALPHV claims it has had access to the payments technology vendor's systems since September, and threatens follow-on attacks on its customer Roblox.
Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics.
ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.
The cosmetics conglomerate was apparently breached through the infamous MOVEit flaw by both Cl0p and BlackCat, at roughly the same time.
The cybercrime group has given its backdoor malware a facelift in an attempt to evade detection, making some bug fixes and setting itself up to deliver its latest crimeware toy, BlackCat.
BlackCat ransomware operators reportedly stole the sensitive data.
Company refutes BlackCat claims, saying it still controls digital signature infrastructure.
The ransomware group adds in personal insults to ratchet up pressure on Western Digital threat hunters.