{
	"id": "3a0cbbd3-84bc-4865-8618-1b7f04daa945",
	"created_at": "2026-04-06T00:08:44.675209Z",
	"updated_at": "2026-04-10T03:29:39.818076Z",
	"deleted_at": null,
	"sha1_hash": "35121a8bc81af727d629e4c4b071ddcf4f340b90",
	"title": "BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1848292,
	"plain_text": "BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state\r\nBy Bill Toulas\r\nPublished: 2022-05-27 · Archived: 2026-04-05 19:49:18 UTC\r\nAustrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded $5\r\nmillion to unlock the encrypted computer systems.\r\nThe attack occurred on Tuesday and has caused severe operational disruption of government services, as thousands of\r\nworkstations have allegedly been locked by the threat actor.\r\nCarinthia's website and email service are currently offline and the administration is unable to issue new passports or traffic\r\nfines.\r\nAdditionally, the cyberattack disrupted COVID-19 test processing and contact tracing done through the region's\r\nadministrative offices.\r\nThe hackers offered to provide a working decryption tool for $5 million. A spokesperson of the state, Gerd Kurath, told\r\nEuractiv that the attacker's demands will not be met, though.\r\nThe press representative further said that there is currently no evidence that BlackCat actually managed to steal any data\r\nfrom the state's systems and that the plan is to restore the machines from available backups.\r\nKurath said that of the 3,000 systems affected, the first ones are expected to become available again today.\r\nAt the time of writing, BlackCat's data leak site, where the hackers publish files stolen from victims that did not pay a\r\nransom, does not show any data from Carinthia. 
This may indicate a recent attack or that negotiations with the victim have\r\nnot completed.\r\nLatest victims announced in the ALPHV site\r\nALPHV/BlackCat\r\nThe ALPHV/BlackCat ransomware gang emerged in November 2021 as one of the more sophisticated ransomware\r\noperations. They are a rebrand of the DarkSide/BlackMatter gang responsible for the Colonial Pipeline attack last year.\r\nAt the start of 2022, BlackCat affiliates attacked high-profile entities and brands like the Moncler fashion group and the\r\nSwissport airline cargo handling services provider.\r\nBy the end of the first quarter of the running year, the FBI published a notice warning that BlackCat had breached at least 60\r\nentities worldwide, assuming the status it was anticipated to attain as one of the most active and dangerous ransomware\r\nprojects out there.\r\nThe attack on Carinthia and the large ransom demands show that the threat actor focuses on organizations that can pay big\r\nmoney to get their systems decrypted and avoid additional financial losses resulting from prolonged operational disruption.\r\nSource: https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state/"
	],
	"report_names": [
		"blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434124,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/35121a8bc81af727d629e4c4b071ddcf4f340b90.pdf",
		"text": "https://archive.orkl.eu/35121a8bc81af727d629e4c4b071ddcf4f340b90.txt",
		"img": "https://archive.orkl.eu/35121a8bc81af727d629e4c4b071ddcf4f340b90.jpg"
	}
}