alphv attacks NJVC

Incident Date: October 7, 2022

Overview

Title: alphv attacks NJVC
Victim: NJVC
Attacker: Alphv
Location: Chantilly, USA; Virginia, USA
First Reported: October 7, 2022

NJVC Suffers Ransomware Attack by BlackCat/ALPHV Group

NJVC, a government contractor specializing in IT automation, optimization, and security, has been targeted by the BlackCat/ALPHV ransomware group. The group announced the attack on its dark web leak site, claiming to have stolen data from the company. NJVC, which has been in operation since 2000, serves the needs of the United States government and critical commercial entities.

The company, which supports 200+ sites on six continents, has a small business qualification as a subcontractor and employs staff with TS/SCI clearances. NJVC has been a continuous provider of mission-enabling enterprise technology since 2001 and is known for its cybersecurity measures.

The BlackCat/ALPHV Ransomware Group

The BlackCat/ALPHV group, which operates on a ransomware-as-a-service (RaaS) model, has targeted hundreds of organizations worldwide, including Reddit in 2023. The group is known for its double and triple extortion tactics, requesting ransom payments of several million dollars in Bitcoin and Monero.

The attack on NJVC is part of a larger trend of ransomware attacks on government and commercial entities. In 2022, there were 22 reported ransomware attacks on US state or local governments. The BlackCat/ALPHV group has also targeted other high-profile victims, such as MGM Resorts International and Caesars Entertainment.

Attack Methodology

The specific vulnerabilities that led to the attack on NJVC are not detailed in the available information. However, ransomware attacks often exploit weak points in an organization's security infrastructure, such as unpatched software or weak passwords.

The BlackCat/ALPHV group has a history of using stolen credentials obtained through initial access brokers to gain entry to targeted systems. The group also uses tools like ExMatter to steal sensitive data before deploying ransomware to encrypt files.

NJVC has not yet disclosed the extent of the data breach or the ransom demand from the BlackCat/ALPHV group. The company has not confirmed whether it will pay the ransom or if it will attempt to negotiate with the attackers.

The attack on NJVC underscores the need for organizations to maintain robust cybersecurity measures to protect against ransomware attacks. This includes regular software updates, strong password policies, and employee training on cybersecurity best practices.
