ALPHV's Attacks Reach Germany

By Alex Popa . 9 December 2023

Cybersecurity Journalist

Fact-Checked this

ALPHV attacked Dena (Deutsche Energie-Agentur), a German energy supplier, and posted evidence of the attack shortly after. This was a ransomware hit which falls in line with how the group operates.

ALPHV is also known as BlackCat and Noberus, and operate based on RUST
The group first became active in 2021 and has been involved in numerous attacks since then
Their MO is almost always the same: exploit the target’s vulnerabilities, encrypt sensitive data, and ask for a ransom
If the victim doesn’t pay the ransom, ALPHV will always leak the data on the Dark Web

ALPHV ranks among the more aggressive ransomware actors, as their style goes beyond the typical coercion tactics. Rather than encrypting their victims’ data and waiting for the ransom, ALPHV goes one step further.

The organization is known to threaten and even launch DDoS attacks against those who refuse to pay. The group also has a public leak site where they publish compromised data in case the victim doesn’t give in to the threats.

Tweet showing ALPHV's announcement about attacking dena — https://twitter.com/FalconFeedsio/status/1732633693746065912

Despite being just one of the many ransomware organizations active today, ALPHV ranks as one of the most aggressive and active to date. ALPHV has been extremely active in 2023, even attacking Reddit at some point.

What to Know About ALPHV

ALPHV (BlackCat) is known as the very first ransomware actor that has created a public data leak website. They’ve done so to ensure the victim that they mean business and they will leak their sensitive data if they refuse to pay.

Several theories are at play with regard to the group’s actual identity. Some of the theories see them as a rebranding of the old DarkSide, while others think ALPHV is a successor of REvil.

The severity and the rapid succession of the attacks immediately put ALPHV on a worldwide watchlist. This quickly dragged the FBI into the mix, which immediately looked into the organization. Subsequent investigations showed potential links between ALPHV and ransomware actors: DarkSide and BlackMatter.

The organization was highly active in 2022 as well, targeting a number of different companies worldwide. These include Swissport, Moncler, North Carolina A&T, NVJC, JAKKS Pacific, and many others. One of their most prominent attacks remains the one on Reddit itself.

Following the attack, ALPHV claimed to have secured over 80 GB of data and demanded over $4.5 in ransom. The outcome is unclear, as the organization’s original posting stated that, if Reddit refused to pay, they will leak the data publicly.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Technology Analyst & Data Privacy Journalist Alex is an avid proponent of informational security and data privacy. Given how easily online information disseminates and how cybercriminals are always stepping up their game, self-security becomes a necessity. Alex has direct experience with many tools of the trade like 1Password, YubiKey, Ledger, VPNs, and he has an evergreen interest in emerging security technologies. Which is to say he’s geeking out on them a lot. You’ll often find him reading up on cybersecurity stats or the latest ransomware attacks, staying up-to-date with the evolution of informational security and infiltration tactics. Alex is also an experienced journalist, which makes him great at putting tech-savvy and complex topics into easy-to-understand guides and reports.

Cookie	Duration	Description
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.
wpEmojiSettingsSupports	session	WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user's browser can display emojis properly.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.

ALPHV’s Attacks Reach Germany

What to Know About ALPHV

Our Mission

Alex Popa

Leave a Comment Cancel