BlackCat/ALPHV attacks Barts Health NHS Trust

Incident Date:

June 30, 2023

World map



BlackCat/ALPHV attacks Barts Health NHS Trust


Barts Health NHS Trust




London, United Kingdom

, United Kingdom

First Reported

June 30, 2023

The BlackCat/ALPHV Ransomware Attack on Barts Health NHS Trust

Barts Health NHS Trust has been targeted by the BlackCat/ALPHV ransomware gang. Barts Health NHS Trust stands as one of the largest National Health Service (NHS) trusts in the United Kingdom, operating several hospitals in London. These facilities provide healthcare services to a significant portion of the capital city's population. The trust's name originates from St Bartholomew's Hospital, boasting a history that stretches back to 1123.

Barts Health NHS Trust was formed in 2012, following the merger of several hospitals and healthcare facilities. This amalgamation included St Bartholomew's Hospital, The Royal London Hospital, Whipps Cross University Hospital, Newham University Hospital, and Mile End Hospital. Together, these hospitals cater to a diverse community, offering a broad spectrum of medical services ranging from emergency care to specialized treatments and general healthcare.

Details of the Cyberattack

On June 30th, BlackCat/ALPHV announced on its data leak site that it had compromised Barts Health NHS Trust, claiming to have exfiltrated 7TB of sensitive and confidential data. First detected in late 2021, BlackCat/ALPHV operates a sophisticated RaaS (Ransomware-as-a-Service) platform. This platform utilizes encryption through an AES algorithm, with the AES key itself being encrypted using an RSA public key.

Notably, BlackCat/ALPHV has demonstrated capabilities to disable security tools and evade analysis. It is believed to be the first ransomware group to utilize RUST, a programming language known for its safety and exceptional performance in concurrent processing. Furthermore, the ransomware exploits Windows scripting for payload deployment and to compromise additional hosts. The developers behind BlackCat/ALPHV have also been linked to previous DarkSide/BlackMatter ransomware attacks, suggesting a possible rebranding of those campaigns.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.