February 16, 2024 By Bill Toulas
Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation.
Netwalker was a prolific ransomware-as-a-service (RaaS) active between October 2019 and January 2021, when law enforcement seized its dark web sites, resulting in its operators going silent.
The Alpha ransomware operation (not to be confused with ALPHV/BlackCat) emerged in February 2023 but kept a low profile, didn't promote on hacker forums, nor did its operators carry out many attacks.
This changed recently when the group launched a data leak site to list victims and publish files stolen from breached networks.
At the time of writing, Alpha shows nine victims on its extortion portal, and for eight of them the threat actor has already published the stolen files.