ALPHV attacks NJVC
NJVC Suffers Ransomware Attack by BlackCat/ALPHV Group
NJVC, a government contractor specializing in IT automation, optimization, and security, has been targeted by the BlackCat/ALPHV ransomware group. The group announced the attack on its dark web leak site, claiming to have stolen data from the company. NJVC, which has been in operation since 2000, serves the needs of the United States government and critical commercial entities.
The company, which supports 200+ sites on six continents, has a small business qualification as a subcontractor and employs staff with TS/SCI clearances. NJVC has been a continuous provider of mission-enabling enterprise technology since 2001 and is known for its cybersecurity measures.
The BlackCat/ALPHV Ransomware Group
The BlackCat/ALPHV group, which operates on a ransomware-as-a-service (RaaS) model, has targeted hundreds of organizations worldwide, including Reddit in 2023. The group is known for its double and triple extortion tactics, demanding ransom payments of several million dollars in Bitcoin and Monero.
The attack on NJVC is part of a larger trend of ransomware attacks on government and commercial entities. In 2022, there were 22 reported ransomware attacks on US state or local governments. The BlackCat/ALPHV group has also targeted other high-profile victims, such as MGM Resorts International and Caesars Entertainment.
Attack Methodology
The specific vulnerabilities that led to the attack on NJVC are not detailed in the available information. However, ransomware attacks often exploit weak points in an organization's security infrastructure, such as unpatched software or weak passwords.
The BlackCat/ALPHV group has a history of using stolen credentials obtained through initial access brokers to gain entry to targeted systems. The group also uses tools like ExMatter to steal sensitive data before deploying ransomware to encrypt files.
NJVC has not yet disclosed the extent of the data breach or the ransom demand from the BlackCat/ALPHV group. The company has not confirmed whether it will pay the ransom or attempt to negotiate with the attackers.
The attack on NJVC underscores the need for organizations to maintain robust cybersecurity measures to protect against ransomware attacks. This includes regular software updates, strong password policies, and employee training on cybersecurity best practices.