Report

ALPHV Targeting: Ransomware & Digital Extortion

Read ZeroFox Intelligence’s ALPHV Targeting Report for a full overview of staring activity in the past 7 quarters, including:

  • A profile of ALPHV, which is one of the most prominent ransomware and digital extortion (R&DE) threats to the majority of industries globally.
  • Analysis of ALPHV’s intrusion vectors; in the past year, affiliates have most often exploited vulnerabilities in internet-facing systems to deploy ALPHV
  • Industry and regional breakdowns of how ALPHV targets victims differently and the threats associated with each.
  • Future risks from ALPHV –ZeroFox Intelligence believes ALPHV affiliates will continue a high attack tempo in the next two quarters.

Download the report

Download Report

ZeroFox Intelligence assesses the proficiency of ALPHV (also known as BlackCat and Noberus), a ransomware strain used to compromise and extort its victims. First observed in 2021, ALPHV operates as a RaaS platform with a subscription-based business model. ALPHV is widely reported to have descended from former affiliates of ransomware collectives DarkSide and BlackMatter, which were active during 2020 and 2021 respectively. Its continued presence and prominence in malicious marketplaces is likely contributed to by affiliate payout rates of up to 90 percent, which is significantly higher than many other ransomware services.

ALPHV is also the most prominent and among the first ransomware strains to be written in the Rust programming language, creating appeal to threat actors able to leverage these benefits in their malicious software. The strain is known for its flexibility and adaptability, with subscription packages offering different encryption modes, customizable ransom notes, and data exfiltration methods that enable affiliates to fine-tune their attacks. ALPHV was also one of the first collectives to publish stolen credentials to a public data leak site, revealing the results of an attack to victims, other cybercriminals, security researchers, and shareholders. This applies additional pressure on the victim, increasing the chance of eliciting ransom payment.

resources preview
©2024 by ZeroFox. All Rights Reserved.
Privacy PolicyTerms and Transparency