Dragons Eye Ransomware Tracker
alphv

Status: 🟢 Active
Total Victims: 731
Active Sites: 1 / 6
Has Parser: No

Top Target Countries: 🇺🇸 US, 🇨🇦 CA, 🇬🇧 GB, 🇩🇪 DE, 🌍 Unknown

Top Target Industries: Manufacturing, Healthcare, Business Services, Technology, Legal Services

Country Distribution
🇺🇸 US: 351
🇨🇦 CA: 38
🇬🇧 GB: 34
🇩🇪 DE: 29
🌍 Unknown: 27
🇦🇺 AU: 24
🇮🇹 IT: 17
🇫🇷 FR: 15

Site Locations (6)
Description

The operators of the ALPHV/BlackCat ransomware began their activity in December 2021, posting on Dark Web forums to promote their affiliate program and offering other actors the opportunity to engage in a 'new type of ransomware family' developed from scratch in the Rust programming language. Some clear evidence indicates that the actors behind this ransomware are not new to cybercrime, with links to other affiliate programs such as DarkSide, BlackMatter, and REvil. (After several attacks against large companies, these groups faced pressure and arrests, which forced them to terminate their operations.) As a security measure, the ALPHV operators require an 'access token' to execute the ransomware payload; the owners of the Ransomware-as-a-Service supply this token to the affiliate. The token is also added to the victim's ransom note so that the victim can contact the threat actor responsible for encrypting the data. ALPHV affiliates employ double and triple extortion techniques: publication of the company's name on leak sites, threats of data leakage, and, lastly, threats of DDoS attacks against the organization.

Source: https://github.com/crocodyli/ThreatActors-TTPs

Ransom Notes (4)
JX34qQm7.txt
Alphv - JX34qQm7
Data on Your network was exfiltrated and encrypted.

Modifying encrypted files will result in permanent data loss!

Get in touch with us ASAP to get an offer:
1. Download and install Tor Browser from https://www.torproject.org/
2. Access User Panel at http://msv7eaydbdue7x6hos2kzbtwgoi7xmtuddlqgniqghs3qc54wajudwad.onion/?access-key=[snip]
   THIS IS YOUR PRIVATE USER PANEL ADDRESS, DO NOT SHARE IT WITH ANYONE!



See also:
  Visit our Blog: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion
  Social Media: https://twitter.com/search?q=%23alphv
alphv1.txt
Recent Victims (731 total)
Victim | Domain | Country | Industry | Date
ipmaltamira | ipmaltamira.com.mx | 🇲🇽 MX | Business Services | Mar 3, 2024
Ewig Usa | ewig-mco.com | 🇨🇳 CN | Manufacturing | Mar 3, 2024
SBM & Co | sbmaccountancy.co.uk/ | 🇬🇧 GB | Business Services | Mar 1, 2024
Petrus Resources Ltd | petrusresources.com | 🇺🇸 US | Energy | Mar 1, 2024
Kumagai Gumi Group | kumagaigumi.co.jp | 🇯🇵 JP | Business Services
Alphv - alphv1
Hello, [snip]

>> What happened?

Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension.
In order to recover your files you need to follow instructions below.

>> Sensitive Data

Sensitive data on your network was DOWNLOADED.
If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.

Data includes:
- MICROS DATABASE, Accounting, Drawings
- Check Copies, Engineering, HR, Banking Information
- Payroll Scan, Sales and Marketing, Financia
- And more...

>> CAUTION

DO NOT MODIFY ENCRYPTED FILES YOURSELF.
DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.

>> What should I do next?

1) Download and install Tor Browser from: https://torproject.org/
2) Navigate to: http://d75itpgjjfe2ys2qivqplbvmw3yyx7o5e4ppt2esit2lluhngulz4hqd.onion/?access-key=[snip]
alphv2.txt
Alphv - alphv2
>> What happened?

Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension.
In order to recover your files you need to follow instructions below.

>> Sensitive Data

Sensitive data on your system was DOWNLOADED.
If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly.

Data includes:
- Employees personal data, CVs, DL, SSN.
- Complete network map including credentials for local and remote services.
- Private financial information including: clients data, bills, budgets, annual reports, bank statements.
- Manufacturing documents including: datagrams, schemas, drawings in solidworks format
- And more...

Private URL: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/[snip]


>> CAUTION

DO NOT MODIFY ENCRYPTED FILES YOURSELF.
DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.

>> What should I do next?

Follow these simple steps to get everything back to normal:
1) Download and install Tor Browser from: https://torproject.org/
2) Navigate to: http://xnsbsjciylsg23zfmrv6ocuyh7ha5zexeouchlr3zsi5suda4arpeyqd.onion/?access-key=[snip]
alphv3.txt
Alphv - alphv3
>> Introduction

Important files on your system was ENCRYPTED and now they have have "${EXTENSION}" extension.
In order to recover your files you need to follow instructions below.

>> Sensitive Data

Sensitive data on your system was DOWNLOADED and it will be PUBLISHED if you refuse to cooperate.

Data includes:
- Employees personal data, CVs, DL, SSN.
- Complete network map including credentials for local and remote services.
- Financial information including clients data, bills, budgets, annual reports, bank statements.
- Complete datagrams/schemas/drawings for manufacturing in solidworks format
- And more...

Private preview is published here: http://alphvmmm27o3abo3r2mlmjrpdmzle3rykajqc5xsj7j7ejksbpsa36ad.onion/[snip]


>> CAUTION

DO NOT MODIFY FILES YOURSELF.
DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA.
YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS.
YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT CIPHER KEY.

>> Recovery procedure

Follow these simple steps to get in touch and recover your data:
1) Download and install Tor Browser from: https://torproject.org/
2) Navigate to: http://sty5r4hhb5oihbq2mwevrofdiqbgesi66rvxr5sr573xgvtuvr4cs5yd.onion/?access-key=${ACCESS_KEY}
Mar 1, 2024
Allan Berger & Associates | bergerlawnola.com | 🇺🇸 US | Business Services | Feb 29, 2024
Change Healthcare - Optum - UnitedHealth | changehealthcare.com | 🇺🇸 US | Healthcare | Feb 28, 2024
verbraucherzentrale hessen | verbraucherzentrale-hessen.de | 🇩🇪 DE | Business Services | Feb 27, 2024
Electro Marteix | emtek.es | 🇪🇸 ES | Energy | Feb 27, 2024
Angeles Medical Centers | angelesmentalhealth.com | 🇺🇸 US | Healthcare | Feb 26, 2024
S+C Partners | scpllp.com | 🇨🇦 CA | Business Services | Feb 26, 2024
Worthen Industries [FULL DATA] | worthenind.com | 🇺🇸 US | Manufacturing | Feb 24, 2024
Family Health center | fhckzoo.com | 🇺🇸 US | Healthcare | Feb 23, 2024
ANDFLA SRL | andfla.ro/ | 🇷🇴 RO | Agriculture and Food Production | Feb 23, 2024
Hardeman County Community Health Center | hardemanhealth.org/ | 🇺🇸 US | Healthcare | Feb 22, 2024
Worthen Industries [We're giving you one last chance to save your business] | worthenind.com | 🇺🇸 US | Manufacturing | Feb 22, 2024
KHSS (You have 3 days) | khss.com | 🇺🇸 US | Technology | Feb 21, 2024
Austen Consultants | Austein-it.com | 🇺🇸 US | Business Services | Feb 21, 2024
VSP Dental | vspdental.com | 🇺🇸 US | Healthcare | Feb 18, 2024
Prudential Financial | prudential.com | 🇺🇸 US | Financial | Feb 16, 2024