FBI warns of change in tactics by ALPHV ransomware gang

After being taken down and resurrecting itself multiple times, ALPHV is switching up how it targets its victims.

David Hollingworth
Wed, 28 Feb 2024

US authorities have released a joint security advisory warning of a significant change in the tactics used by the ALPHV ransomware gang.

ALPHV (also known as BlackCat) is proving itself a slippery opponent. It was taken down by the FBI and other international agencies in December of 2023 but was back in operation within days.

Then, in January, its leak site was seized again. And, again, the gang was up and running within days, sharing new victims on a new leak site.

As a response to the takedown actions, ALPHV has directed its affiliates to specifically target hospitals – and they appear to be listening. According to the FBI, healthcare has been the most commonly targeted sector by the gang since mid-December last year.

The group has also changed the way it delivers its ransom demands. The FBI said the group now uses “improvised communication methods” to create ransom emails tailored to the victim. Previously, the gang created .txt files on encrypted drives to share its ransom demands.

ALPHV has also released a new version of its software.

“In February 2023, ALPHV BlackCat administrators announced the ALPHV BlackCat Ransomware 2.0 Sphynx update, which was rewritten to provide additional features to affiliates, such as better defence evasion and additional tooling,” the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services said in their joint advisory.

“This ALPHV BlackCat update has the capability to encrypt both Windows and Linux devices, and VMWare instances.”

The final point made by the FBI and its partners is that not only is the gang technically proficient, but so are its affiliates.

“ALPHV BlackCat affiliates have extensive networks and experience with ransomware and data extortion operations,” the advisory read.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.