The BlackCat/ALPHV Ransomware Gang's Attack on Sirius Computer Solutions

The BlackCat/ALPHV ransomware gang has attacked Sirius Computer Solutions. Sirius Computer Solutions, commonly known as Sirius, is a technology services and consulting firm based in the United States. The company offers a range of services and solutions related to IT infrastructure, security, data management, cloud computing, and more. Sirius primarily serves enterprise-level clients, including Fortune 500 companies and other large organizations.

BlackCat/ALPHV posted Sirius Computer Solutions to its data leak site on August 21st but provided no further details.

Overview of BlackCat/ALPHV Ransomware

First observed in late 2021, BlackCat/ALPHV is a RaaS (Ransomware-as-a-Service) that employs a well-developed RaaS platform that encrypts by way of an AES algorithm. The code is highly customizable and includes JSON configurations for affiliate customization. BlackCat/ALPHV has the ability to disable security tools and evade analysis and is probably the most advanced ransomware family at present capable of employing different encryption routines, advanced self-propagation, and hinders hypervisors to for obfuscations and anti-analysis.

BlackCat/ALPHV can impact systems running Windows, VMWare ESXi, and Linux (including Debian, ReadyNAS, Ubuntu, and Synology distributions).

Recent Activity and Impact

BlackCat/ALPHV became one of the more active RaaS platforms over the course of 2022, and attack volumes in Q1 2023 continued to increase although it was overtaken by Clop in number of attacks in Q1 2023. BlackCat/ALPHV typically demands ransoms in the $400,000 to $3 million range but has exceeded $5 million.