alphv attacks Checker Cabs

Incident Date:

September 14, 2022

World map



alphv attacks Checker Cabs


Checker Cabs




Calgary, Canada

Alberta, Canada

First Reported

September 14, 2022

Alphv Ransomware Attack on Checker Cabs

Checker Cabs, a family-owned taxi company operating in Calgary, has been targeted by the ransomware group Alphv, also known as BlackCat. The attack was announced on the group's dark web leak site, and the victim's website is the official site of The Checker Transportation Group, which encompasses Checker Cabs, Ambassador Limousine Services, Rocky Mountain Auto, and Rocky Mountain Collision Centre.

Company Overview

For nearly half a century, Checker Cabs has been delivering professional taxi services to the residents and visitors of Calgary. Renowned for its extensive fleet, the company adeptly fulfills the corporate travel demands of the community. Its service offerings are diverse, including on-demand delivery, wheelchair-accessible vans, and airport transportation solutions.

Vulnerabilities and Targeting

The precise vulnerabilities exploited in the Alphv ransomware attack on Checker Cabs remain unspecified. Nonetheless, it is recognized that Alphv, a Rust-based ransomware, has been operational since at least 2021. This group is distinguished by its adoption of a configuration file from BlackMatter, facilitating the targeting of a broad spectrum of victims.

Industry Impact

The manufacturing sector, which Checker Cabs is a part of, has increasingly become a focal point for ransomware attacks. The year 2022 witnessed a surge in such attacks against local governments, signaling potential repercussions for the manufacturing sector as well.

Mitigation Strategies

Although specific mitigation strategies for Checker Cabs are not delineated, it is imperative for entities within the manufacturing sector to deploy comprehensive cybersecurity defenses to thwart ransomware attacks. Critical measures include the consistent updating of software, conducting employee cybersecurity awareness training, and the implementation of multi-factor authentication.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.