Code Defence Cyber security

FBI & CISA Warn of ALPHV/BlackCat Resurgence with New Tactics

The FBI and CISA have released a joint advisory on the resurgence of the ALPHV/BlackCat ransomware gang, despite previous law enforcement takedowns. The group is now adopting new RCE exploits (including the recently patched VMware vCenter RCE) and targeting victims with specialized phishing campaigns.

Business Impact

Ransomware is highly resilient; takedowns provide only temporary relief. The gang’s rapid adoption of new, severe vulnerabilities (like vCenter) means the financial risk remains extremely high, particularly for organizations with significant virtualization infrastructure.

Why It Happened

The group likely decentralized its operations and adopted more modular ransomware code, allowing it to rebuild quickly and to get around the decryption keys and blocklists that came out of earlier law enforcement action.

Recommended Executive Action

Ensure your incident response plan includes the latest IoCs for BlackCat. Treat every new critical RCE vulnerability as an imminent threat from this group. Prioritize securing domain controllers and virtualization management interfaces (vCenter, Hyper-V).

Hashtags: #ALPHV #BlackCat #Ransomware #FBI #CISA #CyberCrime #Vulnerability #InfoSec
