FBI seeks information on ALPHV ransomware group, aka BlackCat

The seal of the Federal Bureau of Investigation hangs on the outside of the bureau’s Edgar J. Hoover Building May 9, 2017, in Washington.  (Photo by Chip Somodevilla/Getty Images)

The FBI is asking ALPHV victims for help in its investigation into the ransomware group.

In a flash alert about ALPHV, also known as BlackCat, the FBI asked for "any information that can be shared, to include IP logs showing callbacks from foreign IP addresses, Bitcoin or Monero addresses and transaction IDs, communications with the threat actors, the decryptor file, and/or a benign sample of an encrypted file."

In the alert, the FBI refers to ALPHV as BlackCat, a name bestowed upon the group by researchers before the group itself had come forward with its own name. The group refers to itself as ALPHV.

The alert also contains indicators of compromise, techniques and some technical details that have been previously reported.

ALPHV describes itself as a new group composed of former BlackMatter and REvil programmers. Based on the code itself, there is definitive agreement that the group is a continuation of BlackMatter's ransomware product rather than REvil's.

ALPHV has been tracked to attacks on two major German oil companies, as well as industrial firms and Florida International University, though the victims of ransomware are typically chosen at the discretion of the affiliate groups that do the hacking rather than by a group like ALPHV that programs the malware and licenses its use. BlackMatter traces its lineage to Darkside, the group that famously targeted Colonial Pipeline in 2021.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
