{
	"id": "a801626c-02a9-4b03-976a-071c23236116",
	"created_at": "2026-04-06T00:12:40.637588Z",
	"updated_at": "2026-04-10T03:31:50.043943Z",
	"deleted_at": null,
	"sha1_hash": "52d23f4a4569aabef7567c7a3fbba4265f5d080c",
	"title": "ALPHV ransomware gang claims attack on Florida circuit court",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2944524,
	"plain_text": "ALPHV ransomware gang claims attack on Florida circuit court\r\nBy Sergiu Gatlan\r\nPublished: 2023-10-09 · Archived: 2026-04-05 16:10:45 UTC\r\nThe ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of\r\nthe First Judicial Circuit) last week.\r\nAllegedly, the threat actors have acquired personal details like Social Security numbers and CVs of employees, including\r\njudges.\r\nAdditionally, ALPHV claims to possess a comprehensive network map of the court's systems, complete with local and\r\nremote service credentials.\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nRansomware gangs commonly threaten to leak stolen data online to coerce victims into negotiation or reopening\r\ndiscussions.\r\nThe presence of Florida's First Judicial Circuit's data leak page on ALPHV's website suggests that the court has either not\r\nengaged in negotiations with the ransomware operation or has firmly declined to meet the gang's demands.\r\nFlorida First Judicial Circuit ALLPHV data leak page (BleepingComputer)\r\nBreached last week\r\nThe Florida circuit court disclosed last week that it was investigating a cyberattack that disrupted its operations on Monday\r\nmorning, October 2nd.\r\n\"This event will significantly affect court operations across the Circuit, impacting courts in Escambia, Okaloosa, Santa Rosa,\r\nand Walton counties, for an extended period,\" a statement published on the court's website says.\r\n\"The Circuit is prioritizing essential court proceedings but will cancel and reschedule other proceedings and pause related\r\noperations for several days, beginning Monday, October 2, 2023.\"\r\nAmid the ongoing investigation into the attack, judges in the four counties have been communicating with litigants and\r\nattorneys regarding their weekly scheduled hearings.\r\nAdditionally, the court authorities confirmed that all facilities continue operating without disruptions. The court has not yet\r\nverified the ransomware attack claims made by the ALPHV gang.\r\nThe ALPHV ransomware operation\r\nThe BlackCat/ALPHV ransomware operation surfaced in November 2021 and is believed to be a rebranding of\r\nDarkSide/BlackMatter.\r\nInitially known as DarkSide, the group gained international attention following the breach of Colonial Pipeline, leading to\r\nscrutiny from law enforcement agencies globally.\r\nAfter rebranding again as BlackMatter in July 2021, their operations abruptly ceased in November 2021 when authorities\r\nseized their servers, and security firm Emsisoft created a decryptor exploiting a ransomware vulnerability.\r\nThis ransomware operation is known for consistently targeting global enterprises and continuously adapting and refining\r\ntheir tactics.\r\nIn a recent incident, an affiliate tracked as Scattered Spider claimed responsibility for the attack on MGM Resorts, claiming\r\nto have encrypted over 100 ESXi hypervisors after the company shut down internal infrastructure and declined to negotiate a\r\nransom.\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/\r\nPage 3 of 4\n\nAs BleepingComputer reported last week, ALPHV's ransomware attack on MGM Resorts led to losses of approximately\r\n$100 million, as well as the theft of its customers' personal information.\r\nThe FBI issued a warning in April, highlighting the group's involvement in successful breaches of over 60 entities\r\nworldwide between November 2021 and March 2022.\r\nH/T Dominic Alvieri\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/alphv-ransomware-gang-claims-attack-on-florida-circuit-court/"
	],
	"report_names": [
		"alphv-ransomware-gang-claims-attack-on-florida-circuit-court"
	],
	"threat_actors": [
		{
			"id": "9ddc7baf-2ea7-4294-af2c-5fce1021e8e8",
			"created_at": "2023-06-23T02:04:34.386651Z",
			"updated_at": "2026-04-10T02:00:04.772256Z",
			"deleted_at": null,
			"main_name": "Muddled Libra",
			"aliases": [
				"0ktapus",
				"Scatter Swine",
				"Scattered Spider"
			],
			"source_name": "ETDA:Muddled Libra",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7da6012f-680b-48fb-80c4-1b8cf82efb9c",
			"created_at": "2023-11-01T02:01:06.643737Z",
			"updated_at": "2026-04-10T02:00:05.340198Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"Scattered Spider",
				"Roasted 0ktapus",
				"Octo Tempest",
				"Storm-0875",
				"UNC3944"
			],
			"source_name": "MITRE:Scattered Spider",
			"tools": [
				"WarzoneRAT",
				"Rclone",
				"LaZagne",
				"Mimikatz",
				"Raccoon Stealer",
				"ngrok",
				"BlackCat",
				"ConnectWise"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "c3b908de-3dd1-4e5d-ba24-5af8217371f0",
			"created_at": "2023-10-03T02:00:08.510742Z",
			"updated_at": "2026-04-10T02:00:03.374705Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"UNC3944",
				"Scattered Swine",
				"Octo Tempest",
				"DEV-0971",
				"Starfraud",
				"Muddled Libra",
				"Oktapus",
				"Scatter Swine",
				"0ktapus",
				"Storm-0971"
			],
			"source_name": "MISPGALAXY:Scattered Spider",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d093e8d9-b093-47b8-a988-2a5cbf3ccec9",
			"created_at": "2023-10-14T02:03:13.99057Z",
			"updated_at": "2026-04-10T02:00:04.531987Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"0ktapus",
				"LUCR-3",
				"Muddled Libra",
				"Octo Tempest",
				"Scatter Swine",
				"Scattered Spider",
				"Star Fraud",
				"Storm-0875",
				"UNC3944"
			],
			"source_name": "ETDA:Scattered Spider",
			"tools": [
				"ADRecon",
				"AnyDesk",
				"ConnectWise",
				"DCSync",
				"FiveTran",
				"FleetDeck",
				"Govmomi",
				"Hekatomb",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"LaZagne",
				"Living off the Land",
				"Lumma Stealer",
				"LummaC2",
				"Mimikatz",
				"Ngrok",
				"PingCastle",
				"ProcDump",
				"PsExec",
				"Pulseway",
				"Pure Storage FlashArray",
				"Pure Storage FlashArray PowerShell SDK",
				"RedLine Stealer",
				"Rsocx",
				"RustDesk",
				"ScreenConnect",
				"SharpHound",
				"Socat",
				"Spidey Bot",
				"Splashtop",
				"Stealc",
				"TacticalRMM",
				"Tailscale",
				"TightVNC",
				"VIDAR",
				"Vidar Stealer",
				"WinRAR",
				"WsTunnel",
				"gosecretsdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e424a2db-0f5a-4ee5-96d2-5ab16f1f3824",
			"created_at": "2024-06-19T02:03:08.062614Z",
			"updated_at": "2026-04-10T02:00:03.655475Z",
			"deleted_at": null,
			"main_name": "GOLD HARVEST",
			"aliases": [
				"Octo Tempest ",
				"Roasted 0ktapus ",
				"Scatter Swine ",
				"Scattered Spider ",
				"UNC3944 "
			],
			"source_name": "Secureworks:GOLD HARVEST",
			"tools": [
				"AnyDesk",
				"ConnectWise Control",
				"Logmein"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434360,
	"ts_updated_at": 1775791910,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/52d23f4a4569aabef7567c7a3fbba4265f5d080c.pdf",
		"text": "https://archive.orkl.eu/52d23f4a4569aabef7567c7a3fbba4265f5d080c.txt",
		"img": "https://archive.orkl.eu/52d23f4a4569aabef7567c7a3fbba4265f5d080c.jpg"
	}
}