alphv attacks Red Badge Group

Incident Date:

January 16, 2022

World map



alphv attacks Red Badge Group


Red Badge Group




penrose, New Zealand

Auckland, New Zealand

First Reported

January 16, 2022

Red Badge Group Targeted by Alphv Ransomware Group

Company Overview

Red Badge Group, a New Zealand-owned business, is recognized for its leadership in security guarding, specializing in guarding, patrols, and monitoring. The company connects people nationwide through security and events, emphasizing the importance of its staff in delivering outstanding security services to a wide range of organizations.

Company Size and Vulnerabilities

While the exact size of Red Badge Group is not detailed, the company's emphasis on a team of specialists suggests a substantial workforce. The Alphv ransomware group's attack indicates that vulnerabilities may exist within the company's cybersecurity practices, particularly in areas such as user awareness and password security, given the group's known methods of gaining access through phishing and exploiting weak credentials.

Industry Standout and Impact

Red Badge Group's specialized services in guarding, patrols, and monitoring distinguish it within the security industry. The ransomware attack's impact on the company is not fully detailed, but Alphv's global activity suggests potential disruptions to Red Badge Group's operations, highlighting the broader implications of such cyber threats.

Alphv Ransomware Group

Active since at least 2022, Alphv (also known as DEV-0537) targets various industries with advanced techniques to expedite execution and evade detection. The group's distinctive use of the ".play" file extension for encrypting data underscores their methodical approach to ransomware attacks.

Mitigation Strategies

Although specific mitigation strategies for Red Badge Group are not provided, the mention of Red Teaming assessments as a practice for improving cyber resilience is notable. These simulations of real cyber attacks can help organizations identify and address cybersecurity gaps, enhancing their defensive capabilities.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.