BlackCat/ALPHV attacks Sirius Computer Solutions

Incident Date:

August 22, 2023

World map



BlackCat/ALPHV attacks Sirius Computer Solutions


Sirius Computer Solutions




San Antonio, USA


First Reported

August 22, 2023

The BlackCat/ALPHV Ransomware Gang's Attack on Sirius Computer Solutions

The BlackCat/ALPHV ransomware gang has attacked Sirius Computer Solutions. Sirius Computer Solutions, commonly known as Sirius, is a technology services and consulting firm based in the United States. The company offers a range of services and solutions related to IT infrastructure, security, data management, cloud computing, and more. Sirius primarily serves enterprise-level clients, including Fortune 500 companies and other large organizations.

BlackCat/ALPHV posted Sirius Computer Solutions to its data leak site on August 21st but provided no further details.

Overview of BlackCat/ALPHV Ransomware

First observed in late 2021, BlackCat/ALPHV is a RaaS (Ransomware-as-a-Service) that employs a well-developed RaaS platform that encrypts by way of an AES algorithm. The code is highly customizable and includes JSON configurations for affiliate customization. BlackCat/ALPHV has the ability to disable security tools and evade analysis and is probably the most advanced ransomware family at present capable of employing different encryption routines, advanced self-propagation, and hinders hypervisors to for obfuscations and anti-analysis.

BlackCat/ALPHV can impact systems running Windows, VMWare ESXi, and Linux (including Debian, ReadyNAS, Ubuntu, and Synology distributions).

Recent Activity and Impact

BlackCat/ALPHV became one of the more active RaaS platforms over the course of 2022, and attack volumes in Q1 2023 continued to increase although it was overtaken by Clop in number of attacks in Q1 2023. BlackCat/ALPHV typically demands ransoms in the $400,000 to $3 million range but has exceeded $5 million.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.