BlackCatALPHV attacks Atlantic Federal Credit Union

Incident Date:

August 22, 2023

World map



BlackCatALPHV attacks Atlantic Federal Credit Union


Atlantic Federal Credit Union




Kenilworth, USA

New Jersey, USA

First Reported

August 22, 2023

The BlackCat/ALPHV Ransomware Attack on Atlantic Federal Credit Union

The BlackCat/ALPHV ransomware gang has attacked the Atlantic Federal Credit Union. Atlantic Federal Credit Union is a financial institution based in the United States. It primarily operates as a credit union, which is a type of member-owned financial cooperative. Credit unions typically offer services similar to banks, such as savings accounts, loans, and other financial products, but they are structured as non-profit organizations that are owned and operated by their members.

BlackCat/ALPHV posted Atlantic Federal Credit Union to its data leak site on August 22nd but provided no further details.

Understanding BlackCat/ALPHV Ransomware

First observed in late 2021, BlackCat/ALPHV is a RaaS (Ransomware-as-a-Service) that employs a well-developed RaaS platform that encrypts by way of an AES algorithm. The code is highly customizable and includes JSON configurations for affiliate customization. BlackCat/ALPHV has the ability to disable security tools and evade analysis and is probably the most advanced ransomware family at present capable of employing different encryption routines, advanced self-propagation, and hinders hypervisors to for obfuscations and anti-analysis.

BlackCat/ALPHV can impact systems running Windows, VMWare ESXi, and Linux (including Debian, ReadyNAS, Ubuntu, and Synology distributions).

Recent Activity and Impact

BlackCat/ALPHV became one of the more active RaaS platforms over the course of 2022, and attack volumes in Q1 2023 continued to increase although it was overtaken by Clop in number of attacks in Q1 2023. BlackCat/ALPHV typically demands ransoms in the $400,000 to $3 million range but has exceeded $5 million.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.