We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Ransom:Win32/Blackcat
Aliases: No associated aliases
Summary
BlackCat ransomware, also known as ALPHV, was first observed in November 2021. It operates as a ransomware as a service (RaaS), where affiliates pay for software that enables them to launch ransomware attacks.
BlackCat ransomware operators allow affiliates to customize payloads, giving them the opportunity to target different operating systems (Windows and Linux) and corporate environments. The ransomware is written in the Rust programming language, which presents a challenge for traditional security solutions to analyze binaries generated by it.
For more information about BlackCat and other human-operated ransomware campaigns, read these posts:
- The many lives of BlackCat ransomware
- Human-operated ransomware
- Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
There is no one-size-fits-all response if you have been victimized by ransomware. To recover files, you can restore backups. There is no guarantee that paying the ransom will give you access to your files.
Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.