Announcementseverity: High2024-03-05
ALPHV BlackCat shuts down in apparent exit scam after Change Healthcare payment
published by BleepingComputer
Actor
Russian-speaking ransomware-as-a-service operation, first observed November 2021, notable as the first prominent ransomware family written in Rust. Operated the affiliate program responsible for the…
Summary
The ALPHV BlackCat operators took their Tor leak site offline on 1 March 2024 and on 5 March announced the operation's closure, posting a fabricated FBI seizure banner that the UK NCA publicly denied. The operators offered the ransomware source code for $5 million and stiffed the affiliate behind the Change Healthcare intrusion, who retained roughly 4 TB of stolen data.
Tags
exit-scamraasinfrastructure
Primary source
bleepingcomputer.comOther ALPHV/BlackCat events
- 2025-11-19Two U.S. cybersecurity workers plead guilty to ALPHV BlackCat affiliate scheme
- 2024-02-21Change Healthcare ransomware incident attributed to ALPHV BlackCat
- 2023-12-19FBI-led international operation seizes ALPHV infrastructure and releases decryptor
- 2023-12-19Joint CISA/FBI/HHS advisory AA23-353A on ALPHV BlackCat
- 2021-11-01ALPHV/BlackCat Rust-based RaaS first observed