ALPHV/BlackCat

Also known as: BlackCat, Noberus, Cicada3301

Overview

Sophisticated RaaS group that pioneered Rust-based ransomware. After apparent exit scam in 2024, affiliates regrouped under Cicada3301 and RansomHub brands.

MITRE ATT&CK Coverage

Recon

Res Dev

Init Access

Execution

Persistence

Priv Esc

Def Evasion

Cred Access

Discovery

Lat Move

Collection

Exfil

Impact

2 of 14 tactics observed

Raw TTPs

Rust RansomwareESXi TargetingTriple ExtortionAffiliate ProgramSEC Reporting Abuse

Related Intelligence (1)

HIGHRansomware

ALPHV Successor RansomHub Becomes Top Ransomware Threat in Q1 2026

RansomHub, believed to include former ALPHV/BlackCat operators, claims 185+ victims in Q1 2026 alone. Now the most prolific ransomware operation.

Windows Server

Mar 7, 2026Group-IB / Recorded Future