• Home
  • News
  • ALPHV Attacks Worthen Industries

ALPHV Attacks Worthen Industries

Miklos Zoltan

By Miklos Zoltan . 21 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

ALPHV posted evidence of another attack on US soil, this time against Worthen Industries. The attack took place on 20th this month and the attackers gave the victim until the 22nd to pay the ransom.

  • ALPHV is a famous ransomware actor that has grown to impressive proportions over the past year
  • The group is also known as BlackCat or Noberus and it is a ransomware family written in the Rust programming language
  • The organization is primarily motivated by financial gains and avoids any type of political statements
  • This recent attack also appears to follow the same trend, as the attackers gave the victim only several days to pay the ransom

ALPHV uses the double extortion method, stealing the data and encrypting it on the parent hardware. The victim is then offered 2 options. Either pays the ransom or the data is sold or published on the DarkWeb for free.

This would impact both the victim’s financial status and, more importantly, its reputation. Which is why some choose to pay the ransom and work on their defenses rather than having their confidential information leaked.

X showing the ALPHV attack on Worthen Industries
https://twitter.com/FalconFeedsio/status/1748959143950791076

ALPHV’s MO rests on exploiting soft vulnerabilities with the help of the Emotet botnet. ExMatter is used to exfiltrate the stolen data while abusing GPOs (Group Policy Objects) disables the target’s security systems.

Who Is BlackCat?

BlackCat can be seen as an innovator in the cyberhacking field. The main innovation is the leak website, BlackCat being the first ransomware actor to create one. Other ransomware organizations also adopted this feature in the following months.

BlackCat also appears to conduct its negotiations a bit differently. While the ransoms they require are generally in the hundreds of millions, they are open to negotiations and seem quite reasonable.

Most ransomware actors don’t negotiate the ransom amount, but BlackCat does and the group often settles for less than the original request. This means that they have a slightly higher pay rate, compared to other ransomware groups.

As of May, 2023, BlackCat has been credited with over 350 victims, but the number of those who paid the ransom is unknown. A Sphynx variant was released in February of 2023, coming with a boost in speed and stealth, increasing the group’s capabilities.

ALPHV was seemingly hit hard by the FBI in December 2023, when the law enforcement agency disrupted the group’s websites. Furthermore, FBI released a decryption tool that the victims can use to circumvent the encryption.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Miklos Zoltan
Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Miklos Zoltan
  • Connect with the author:

Leave a Comment