ALPHV attacks RecordTV

Incident Date:

October 8, 2022

World map



ALPHV attacks RecordTV






Sao Paulo, Brazil

, Brazil

First Reported

October 8, 2022

The ALPHV Ransomware Gang Attacks RecordTV

The ALPHV ransomware gang has attacked RecordTV. On October 8th, RecordTV, a news channel in Brazil, experienced a cyber-attack that resulted in a complete network outage. The attackers stole the personal data of employees, network maps containing credentials for both local and remote services, and additional data. Cadu Safner initially reported the attack, revealing the severity of the situation on Twitter. "Employees are unable to perform live broadcasts. They have been released from work today. The situation is dire," stated the journalist.

Impact on RecordTV's Operations

ALPHV, also known as BlackCat, is a ransomware-as-a-service (RaaS) operation known for infecting numerous companies in the past. This cyber-attack forced the broadcaster to modify its schedule. The news program "Fala Brasil" was suspended at around 9 am, and alternative content was aired until 12 noon. Following the schedule adjustment, RecordTV aired episodes of the series "Todo Mundo Odeia o Chris," which is typically shown on Sunday mornings. By early afternoon, the television network had successfully resumed its regular programming.

ALPHV/BlackCat Ransomware Details

The company has not issued an official statement confirming or denying the incident. First observed in late 2021, ALPHV/BlackCat employs a well-developed RaaS platform that encrypts by way of an AES algorithm where the AES key is encrypted using an RSA public key. ALPHV/BlackCat has the ability to disable security tools and evade analysis.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.