The BlackCat/ALPHV Ransomware Attack on Seiko Group Corporation

The BlackCat/ALPHV ransomware gang has attacked Seiko Group Corporation. Seiko Group Corporation, commonly known as Seiko, is a Japanese conglomerate that operates in various industries, including watchmaking, electronics, and precision instruments. The company has a rich history and has played a significant role in shaping the watch industry. BlackCat/ALPHV posted Seiko Group Corporation to its data leak site on August 21st but provided no further details.

Overview of BlackCat/ALPHV Ransomware

First observed in late 2021, BlackCat/ALPHV is a RaaS (Ransomware-as-a-Service) that employs a well-developed RaaS platform that encrypts by way of an AES algorithm. The code is highly customizable and includes JSON configurations for affiliate customization. BlackCat/ALPHV has the ability to disable security tools and evade analysis and is probably the most advanced ransomware family at present capable of employing different encryption routines, advanced self-propagation, and hinders hypervisors to for obfuscations and anti-analysis.

BlackCat/ALPHV can impact systems running Windows, VMWare ESXi, and Linux (including Debian, ReadyNAS, Ubuntu, and Synology distributions).

Recent Activity and Impact

BlackCat/ALPHV became one of the more active RaaS platforms over the course of 2022, and attack volumes in Q1 2023 continued to increase although it was overtaken by Clop in number of attacks in Q1 2023. BlackCat/ALPHV typically demands ransoms in the $400,000 to $3 million range but has exceeded $5 million.