Gas Producer Sonangol Targeted: The Latest Victim of ALPHV Ransomware

The notorious ALPHV ransomware group, also known as BlackCat, has named Sonangol, a prominent gas producer, as its most recent victim.

Sonangol, an Angolan state oil company, has unfortunately found itself caught in ALPHV’s crosshairs. The group, known for its operations under the ransomware-as-a-service (RaaS) model, continues to wreak havoc in various sectors worldwide.

ALPHV’s sophisticated method involves multiple players working in a coordinated manner. The access brokers compromise networks and establish persistence, the RaaS operators build tools, and the RaaS affiliates perform other activities, including lateral network movement and exfiltration of data before launching the ransomware payload.

What makes ALPHV particularly dangerous is its double-extortion strategy. In addition to encrypting an organization’s data and demanding a ransom for its release, they also threaten to leak sensitive data, adding additional pressure on the victims to pay the demanded ransom.

While the extent of the damage inflicted on Sonangol remains undisclosed, the incident underscores the threat posed by ALPHV and similar groups.