• Home
  • News
  • ALPHV's Attacks Reach Germany

ALPHV’s Attacks Reach Germany

Alex Popa

By Alex Popa . 9 December 2023

Cybersecurity Journalist

Miklos Zoltan

Fact-Checked this

ALPHV attacked Dena (Deutsche Energie-Agentur), a German energy supplier, and posted evidence of the attack shortly after. This was a ransomware hit which falls in line with how the group operates.

  • ALPHV is also known as BlackCat and Noberus, and operate based on RUST
  • The group first became active in 2021 and has been involved in numerous attacks since then
  • Their MO is almost always the same: exploit the target’s vulnerabilities, encrypt sensitive data, and ask for a ransom
  • If the victim doesn’t pay the ransom, ALPHV will always leak the data on the Dark Web

ALPHV ranks among the more aggressive ransomware actors, as their style goes beyond the typical coercion tactics. Rather than encrypting their victims’ data and waiting for the ransom, ALPHV goes one step further.

The organization is known to threaten and even launch DDoS attacks against those who refuse to pay. The group also has a public leak site where they publish compromised data in case the victim doesn’t give in to the threats.

Tweet showing ALPHV's announcement about attacking dena
https://twitter.com/FalconFeedsio/status/1732633693746065912

Despite being just one of the many ransomware organizations active today, ALPHV ranks as one of the most aggressive and active to date. ALPHV has been extremely active in 2023, even attacking Reddit at some point.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

What to Know About ALPHV

ALPHV (BlackCat) is known as the very first ransomware actor that has created a public data leak website. They’ve done so to ensure the victim that they mean business and they will leak their sensitive data if they refuse to pay.

Several theories are at play with regard to the group’s actual identity. Some of the theories see them as a rebranding of the old DarkSide, while others think ALPHV is a successor of REvil.

The severity and the rapid succession of the attacks immediately put ALPHV on a worldwide watchlist. This quickly dragged the FBI into the mix, which immediately looked into the organization. Subsequent investigations showed potential links between ALPHV and ransomware actors: DarkSide and BlackMatter.

The organization was highly active in 2022 as well, targeting a number of different companies worldwide. These include Swissport, Moncler, North Carolina A&T, NVJC, JAKKS Pacific, and many others. One of their most prominent attacks remains the one on Reddit itself.

Following the attack, ALPHV claimed to have secured over 80 GB of data and demanded over $4.5 in ransom. The outcome is unclear, as the organization’s original posting stated that, if Reddit refused to pay, they will leak the data publicly.

Alex Popa
Technology Analyst & Data Privacy Journalist Alex is an avid proponent of informational security and data privacy. Given how easily online information disseminates and how cybercriminals are always stepping up their game, self-security becomes a necessity. Alex has direct experience with many tools of the trade like 1Password, YubiKey, Ledger, VPNs, and he has an evergreen interest in emerging security technologies. Which is to say he’s geeking out on them a lot. You’ll often find him reading up on cybersecurity stats or the latest ransomware attacks, staying up-to-date with the evolution of informational security and infiltration tactics. Alex is also an experienced journalist, which makes him great at putting tech-savvy and complex topics into easy-to-understand guides and reports.
Alex Popa
  • Connect with the author:

Leave a Comment