Cyber Alert! ALPHV BlackCat Ransomware Advisory
On Tuesday, December 19, the US Justice Department announced that it had seized websites of the second most prolific ransomware-as-a-service (RaaS) operation, BlackCat, also called ALPHV or Noberus. Today, in response, ALPHV/BlackCat announced that the affiliates of its RaaS criminal syndicate could now target critical infrastructure, such as nuclear power plants and hospitals, in the US.

The Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have released a joint Cybersecurity Advisory (CSA) to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat RaaS, identified through FBI investigations as recently as December 6, 2023. This advisory updates the FBI FLASH BlackCat/ALPHV Ransomware IOC released April 19, 2022. Since that earlier reporting, ALPHV Blackcat actors have released a new version of the malware, and the FBI has identified over 1000 victims worldwide targeted via ransomware and/or data extortion.

FBI and CISA encourage critical infrastructure organizations to implement the recommendations in the Mitigations section of the CSA to reduce the likelihood and impact of ALPHV Blackcat ransomware and data extortion incidents.