BlackCat (ALPHV) multi-victim ransomware extortion campaign against U.S. companies
Campaign
Summary
Hide ▲
Show ▼
Two former cybersecurity workers pleaded guilty for participation in a BlackCat (ALPHV) ransomware extortion campaign that hit multiple U.S. victims, showing how affiliate access and insider experience can scale criminal operations. The campaign ran from May 2023 to November 2023 and tied intrusions to a 20% share of ransoms for access to BlackCat's platform. Victims included companies in pharmaceuticals, engineering, medical devices, drones, and healthcare, and one victim paid $1.27 million after its servers were encrypted.
Related Happenings
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor Meta
H score67
First: 03.07.2026 14:30
Last: 03.07.2026 14:30
Sources 1
About this happening:
**Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor MetaAbout this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
Conti campaign expands across multiple victims
Campaign
H score38
First: 12.06.2026 20:54
Last: 12.06.2026 20:54
Sources 1
About this happening:
The **Conti ransomware operation** ran as a large-scale **2021-2022** extortion campaign that **stole data** and **encrypted devices** to pressure victims into paying **Bitcoin**....
Conti campaign expands across multiple victims
CampaignAbout this happening: The **Conti ransomware operation** ran as a large-scale **2021-2022** extortion campaign that **stole data** and **encrypted devices** to pressure victims into paying **Bitcoin**....
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law Enforcement
H score39
First: 05.05.2026 13:13
Last: 05.05.2026 13:13
Sources 1
About this happening:
**Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
U.S. sentencing of Deniss Zolotarjovs in Karakurt ransomware case
Law EnforcementAbout this happening: **Deniss Zolotarjovs** was **sentenced to 8.5 years in prison** in the **United States** for serving as a **Karakurt ransomware** negotiator, resolving a cross-border cybercrime c...
Timeline
-
30.12.2025 17:25 3 articles · 6mo ago
Former Sygnia and DigitalMint employees plead guilty in BlackCat extortion case
Legal Policy Action UpdateRyan Clifford Goldberg and Kevin Tyler Martin, both former employees of cybersecurity incident response firms, pleaded guilty to conspiracy to obstruct commerce by extortion for helping BlackCat (ALPHV) carry out ransomware attacks against U.S. companies; prosecutors say the affiliate group breached multiple victims across the United States in 2023, demanded ransoms ranging from $300,000 to $10 million, and in one case encrypted a Tampa medical device company's servers and received $1.27 million.
Show sources
- US cybersecurity experts plead guilty to BlackCat ransomware attacks — www.bleepingcomputer.com — 30.12.2025 17:25
- US cybersecurity experts plead guilty to BlackCat ransomware attacks — www.bleepingcomputer.com — 30.12.2025 17:25
- U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks — thehackernews.com — 04.11.2025 09:45