New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Research: The Security Tradeoffs Behind AI Tooling
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

ALPHV - BlackCat Ransomware

February 7, 2022

Key takeaways: The group is actively recruiting ex-REvil, BlackMatter, and DarkSide operators Increased activity since November 2021 Lucrative affiliate pay-outs (up to 90%) Rust-based ransomware executable (fast, cross-platform, heavily customized per victim) AES encryption by default Built-in privilege escalation (UAC bypass, Masquerade_PEB, CVE-2016-0099) Can propagate to remote hosts via PsExec Deletes shadow copies using VSS Admin Stops VMware ESXi virtual machines and deletes snapshot The group's leak site, active since early December 2021, has named over twenty victim organizations as of late January 2022, though the total number of victims, including those that have paid a ransom to avoid exposure, is likely greater.

Featured Resources

View More Resources
Cymulate Stories: A Fireside Chat with Morgan Street Holdings
Webinar

Cymulate Stories: A Fireside Chat with Morgan Street Holdings

Many organizations still manage cyber risk using reactive security practices that struggle to keep pace with today’s threat landscape. As

Watch Now
The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape 
blog

The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape 

AI tools shipped fast - but weak sandboxing left escape paths, exposing systems to data access, abuse, and full compromise.

Read More
Exposure Validation: Continuous Testing Should Drive Continuous Improvement
blog

Exposure Validation: Continuous Testing Should Drive Continuous Improvement

What’s your end goal? How exactly does this security project make you more secure?  Like any technology initiative, those two

Read More