Skip to main content

Home BlackCat


Also known as: ALPHV, Noberus

Category: Ransomware

Type: Ransomware as a Service (RaaS)

Platform: Windows, Linux

Damage potential: Inaccessible files, ransom demands, data theft, data breach


BlackCat is a ransomware family that targets Windows and Linux systems. When it enters a system, BlackCat encrypts the victim’s files and asks for a payment in cryptocurrency to make those files accessible again. BlackCat can also extract data, potentially leading to data breaches or blackmailing the victim about publishing the stolen data. The ransomware was first detected in 2021 and since then, it has targeted companies in different industries, including finance, manufacturing, and law.

Possible symptoms

The most typical signs of a BlackCat attack are inaccessible files, suspicious changes in file extensions, and a ransom note asking for payment, often in cryptocurrency. Additionally, you may notice slower system performance or unusual network activity.

Sources of the infection

Common sources of BlackCat infection are the following:

  • Phishing emails with malicious attachments or links.
  • Exploit kits targeting vulnerabilities in RDP (Remote Desktop Protocol) or VPN (virtual private network) services.
  • Malicious downloads from compromised websites.


If you want to protect your computer from ransomware, always be cautious online.

  • Avoid downloading attachments or clicking links in emails from suspicious senders.
  • Block malicious websites and ads with NordVPN’s Threat Protection Pro.
  • Regularly update operating systems, software, and apps to fix vulnerabilities that could be exploited by BlackCat and similar threats.
  • Back up important files in a cloud or secure offline storage.
  • Use multi-factor authentication to prevent unauthorized access to online accounts, even if hackers get their hands on your credentials.