Gas Producer Sonangol Targeted: The Latest Victim of ALPHV Ransomware

The notorious ALPHV ransomware group, also known as BlackCat, has named Sonangol, a prominent gas producer, as its most recent victim.

Sonangol, an Angolan state oil company, has unfortunately found itself caught in ALPHV’s crosshairs. The group, known for its operations under the ransomware-as-a-service (RaaS) model, continues to wreak havoc in various sectors worldwide.

[Image: Blackcat Sonangol. Picture via SOS Intelligence on Twitter]

ALPHV’s sophisticated method involves multiple players working in a coordinated manner. The access brokers compromise networks and establish persistence, the RaaS operators build tools, and the RaaS affiliates perform other activities, including lateral network movement and exfiltration of data before launching the ransomware payload.

What makes ALPHV particularly dangerous is its double-extortion strategy. In addition to encrypting an organization’s data and demanding a ransom for its release, the group also threatens to leak sensitive data, putting additional pressure on victims to pay the demanded ransom.

While the extent of the damage inflicted on Sonangol remains undisclosed, the incident underscores the threat posed by ALPHV and similar groups.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

