alphv attacks CGT SpA

Incident Date:

February 2, 2022

World map



alphv attacks CGT SpA






Carugate, Italy

Carugate, Italy

First Reported

February 2, 2022

Alphv Ransomware Attack on CGT SpA

CGT SpA, an Italian manufacturing company, has been targeted by the ransomware group Alphv, also known as BlackCat or Noberus. The attack was announced on the dark web leak site of the ransomware group, with the victim's website being The company operates in the manufacturing sector and has been affected by the ransomware attack, which encrypts the victim's files and demands a ransom for their release.

Company Overview

CGT SpA is an Italian company that operates in the manufacturing sector. The company's website provides limited information about its operations and services, focusing more on its history and mission statement. The company's website is available at

Company Size and Industry Standing

CGT SpA is a medium-sized company in the manufacturing sector. The company's website does not provide detailed information about its size or market position. However, it is clear that the company operates in a competitive industry, as it is not the only manufacturing company in Italy or globally.

Vulnerabilities and Targeting

The ransomware attack on CGT SpA highlights the vulnerabilities of companies in the manufacturing sector to cyber threats. The attackers likely exploited vulnerabilities in the company's IT infrastructure or used social engineering tactics to gain access to the network. The attack serves as a reminder that all companies, regardless of their size or industry, are at risk of cyber attacks and should take appropriate measures to protect their data and systems.

Mitigation Strategies

To mitigate the risks of ransomware attacks, companies should implement a multi-layered security strategy that includes regular software updates, employee training, and robust backup and recovery systems. Additionally, companies should consider implementing a ransomware response plan to minimize the impact of an attack and ensure business continuity.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.