alphv attacks Calvetti Ferguson

Incident Date:

April 22, 2022

World map



alphv attacks Calvetti Ferguson


Calvetti Ferguson




Houston, USA

Texas, USA

First Reported

April 22, 2022

Calvetti Ferguson Targeted by Alphv Ransomware Group

Calvetti Ferguson, a middle-market accounting and advisory firm, has been targeted by the Alphv ransomware group, as claimed on the group's dark web leak site. The company, which provides tax, assurance, advisory, technology advisory, and accounting services to businesses, high net worth families, and private equity firms, has been affected by the attack.

Company Profile

Calvetti Ferguson is a well-established firm with a strong reputation in the industry. They are known for their expertise in addressing complex corporate and partnership tax needs and streamlining business processes for growing companies.


The specific vulnerabilities that led to the successful attack on Calvetti Ferguson are not detailed in the search results. However, it is known that Alphv ransomware is deployed as part of Ransomware as a Service (RaaS) operations and is written in the Rust programming language, supporting execution on Windows, Linux-based operating systems, and VMWare ESXi. Alphv can encrypt files using either the AES or ChaCha20 algorithms and can delete volume shadow copies, stop processes and services, and stop virtual machines on ESXi servers to maximize the amount of ransomed data.

Response and Mitigation

The search results do not provide information on the response from Calvetti Ferguson or any mitigation measures they have taken to address the ransomware attack.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.