BlackCat/ALPHV Ransomware Gang Hits City of Lakewood

Date:

February 22, 2023

World map

Overview

Title

BlackCat/ALPHV Ransomware Gang Hits City of Lakewood

Victim

City of Lakewood

Attacker

ALPHV

Location

Lakewood, USA

Lakewood, California

Size of Attack

Unknown/TBD

First Reported

February 22, 2023

Last Updated

SecurityWeek reports that the BlackCa/ALPHV ransomware gang has hit the City of Lakewood, Washington, with a ransomware attack that included the exfiltration of sensitive data, as well as a call to any impacted third parties to sue the city for any damages.

BlackCat/ALPHV, a Ransomware as a Service (RaaS) attack platform provider, has been around since at least November of 2021 and was involved in over 10 percent of reported ransomware attacks in 2022, according to estimates. Attacks leveraging BlackCat typically employ a double extortion strategy where sensitive data is first exfiltrated before the ransomware payload is delivered, as in the Washington State case - and the attackers threaten to leak the data should the ransom demand go unpaid. BlackCat attacks have also employed additional extortion methods like DDoS attacks to put more pressure on the victims to pay. BlackCat also claimed a recent attack against the Five Guys burger chain where sensitive data was also exfiltrated for double extortion.

Takeaway: Ransomware attacks are more than just disruptive malware infections. The exfiltration of sensitive data means that even with a robust cyber program and data backups to assist in recovery efforts, organizations face additional risk from the exposure of internal communications, trade secrets, R&D assets, and intellectual property. The impact of attacks like the alleged attack on Washington can also extend to partner organizations as the sensitive information is leveraged in other criminal acts.

It is also worth noting that, while some of the targets may seem somewhat random or less desirable, they were likely chosen for good reason. Five Guys, for example, is an obvious choice, as the company certainly has ample resources to pay a ransom. Combine that with the fact that they lose significant revenue for every second their systems are bricked and you have an attractive target. Contrast that with a cash-strapped small city, and one has to wonder why they were targeted. Chances are they were selected by way of automation, where the attackers are scanning the internet for organizations with detectable vulnerabilities, misconfigurations, and other weaknesses in the network that can be exploited. So, while Five Guys were likely targeted deliberately, the city of Lakewood was probably chosen somewhat at random as a target of opportunity where the threat actors invested little time or resources.

Organizations of every size need to implement a strong prevention and resilience strategy to defend against ransomware attacks, including:

  • Keeping all software and operating systems up to date and patched
  • Assuring critical data is backed up offsite and protected from corruption in the case of a ransomware attack
  • Assure all endpoints are protected with an EPP solution like next-generation anti-virus (NGAV) software and an anti-ransomware solution
  • Implement network segmentation and Zero Trust policies
  • Implement an employee awareness program to educate against risky behaviors, phishing techniques, etc.
  • Plan and prepare for failure by running regular tabletop exercises and ensuring all stakeholders are ready and available to respond to an attack at all times

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

The BlackCa/ALPHV ransomware gang has hit the City of Lakewood with a ransomware attack that included the exfiltration of sensitive data...

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
Cactus attacks Tormax USA
Date
September 7, 2023
Ransomware group
Cactus
Location

San Antonio, USA

Texas, USA

Industry
Manufacturing
Victim
Tormax USA
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Onyx Fire Protection Services
Date
September 6, 2023
Ransomware group
LockBit
Location

Mississauga, Canada

Ontario, Canada

Industry
Professional, Scientific & Technical Services
Victim
Onyx Fire Protection Services
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Protoshop
Date
September 6, 2023
Ransomware group
LockBit
Location

Milan, Italy

Lombardy, Italy

Industry
Retail Trade
Victim
Protoshop
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
LockBit attacks Ragasa
Date
September 6, 2023
Ransomware group
LockBit
Location

Monterrey, Mexico

Nuevo Leon, Mexico

Industry
Accommodations & Food Services
Victim
Ragasa
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
Knight attacks Solano-Napa Pet Emergency Clinic
Date
September 6, 2023
Ransomware group
Knight
Location

Fairfield, USA

California, USA

Industry
Other
Victim
Solano-Napa Pet Emergency Clinic
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
LockBit attacks The Noble Group
Date
September 6, 2023
Ransomware group
LockBit
Location

Lancaster, USA

Pennsylvania, USA

Industry
Real Estate
Victim
The Noble Group
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
Akira attacks Energy One
Date
September 6, 2023
Ransomware group
Akira
Location

Eastwood, Australia

Adelaide, Australia

Industry
Other
Victim
Energy One
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
LockBit attacks Gorman and Company
Date
September 6, 2023
Ransomware group
LockBit
Location

Oregon, USA

Wisconsin, USA

Industry
Real Estate
Victim
Gorman and Company
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
INC Ransom attacks It4 Solutions Robras
Date
September 6, 2023
Ransomware group
INC Ransom
Location

Oakland Park, USA

Florida, USA

Industry
Information & Technology
Victim
It4 Solutions Robras
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods
LockBit attacks Meroso Foods
Date
September 6, 2023
Ransomware group
LockBit
Location

Ramsdonk, Belgium

Kapelle-op-den-Bos, Belgium

Industry
Accommodations & Food Services
Victim
Meroso Foods