Product Updates https://guardsix.com/product-updates Updates of Guardsix SIEM, NDR and SOAR the cybersecurity platform en Wed, 06 May 2026 13:17:32 GMT 2026-05-06T13:17:32Z en Hunting and remediating BlackCat ransomware (Clone) https://guardsix.com/product-updates/hunting-and-remediating-blackcat-ransomware-clone <div class="hs-featured-image-wrapper"> <a href="https://guardsix.com/product-updates/hunting-and-remediating-blackcat-ransomware-clone" title="" class="hs-featured-image-link"> <img src="https://logpoint.com/hubfs/Imported_Blog_Media/blackcat-blog-banner-4-1-2.png" alt="Hunting and remediating BlackCat ransomware (Clone)" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>&nbsp;</p> <div class="fusion-fullwidth fullwidth-box fusion-builder-row-8 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling" style="--awb-border-radius-top-left: 0px; --awb-border-radius-top-right: 0px; --awb-border-radius-bottom-right: 0px; --awb-border-radius-bottom-left: 0px; --awb-flex-wrap: wrap;"> <div class="fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap" style="max-width: 1185.6px; margin-left: calc(-4% / 2 ); margin-right: calc(-4% / 2 );"> <div class="fusion-layout-column fusion_builder_column fusion-builder-column-14 fusion_builder_column_1_2 1_2 fusion-flex-column" style="--awb-bg-size: cover; --awb-width-large: 50%; --awb-margin-top-large: 0px; --awb-spacing-right-large: 3.84%; --awb-margin-bottom-large: 20px; --awb-spacing-left-large: 3.84%; --awb-width-medium: 100%; --awb-order-medium: 0; --awb-spacing-right-medium: 1.92%; --awb-spacing-left-medium: 1.92%; --awb-width-small: 100%; --awb-order-small: 0; --awb-spacing-right-small: 1.92%; --awb-spacing-left-small: 1.92%;"> <div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"> <div class="fusion-text fusion-text-14"> <div> <div> <div class="css-2c6ch1"> <p><em><strong>By Anish Bogati and Bibek Thapa Magar; Security Research</strong></em></p> </div> </div> </div> <div class="box"> <h2><span class="inline-highlight active-highlight">TL;DR </span></h2> <p><span class="inline-highlight active-highlight">Known by many names, including ALPHV, AlphaV, ALPHVM, and Noberus, BlackCat ransomware made headlines for its successive attacks on high-profile targets.</span></p> <p><span class="inline-highlight active-highlight">The highest ransom they have demanded so far is $14 million and it’s speculated that it has similarities with ransomware families like Darkside, Blackmatter, and REvil in regard to the tools, filenames, and techniques they use.</span></p> <p><span class="inline-highlight active-highlight">Despite this speculation, Recorded Future’s interview with the representative of BlackCat confirmed that, as yet, there is no connection.</span></p> <p><span class="inline-highlight active-highlight">So far, the ransomware has affected organizations globally, both small and large in size, and from multiple industries including critical infrastructure sectors, such as government agencies, construction, manufacturing, education, insurance, and transportation.</span></p> <p><span class="inline-highlight active-highlight">According to our research, BlackCat has the fourth highest number of victims with 90 known victims.</span></p> <p><span class="inline-highlight active-highlight">Analytics for the top ransomware groups are available for download in guardsix Alert Rules.</span></p> <p><em>*Blog contains detailed analysis and investigation &amp; response via guardsix.</em></p> </div> </div> </div> </div> <div class="fusion-layout-column fusion_builder_column fusion-builder-column-15 fusion_builder_column_1_2 1_2 fusion-flex-column" style="--awb-bg-size: cover; --awb-width-large: 50%; --awb-margin-top-large: 0px; --awb-spacing-right-large: 3.84%; --awb-margin-bottom-large: 20px; --awb-spacing-left-large: 3.84%; --awb-width-medium: 100%; --awb-order-medium: 0; --awb-spacing-right-medium: 1.92%; --awb-spacing-left-medium: 1.92%; --awb-width-small: 100%; --awb-order-small: 0; --awb-spacing-right-small: 1.92%; --awb-spacing-left-small: 1.92%;"> <div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"> <div class="fusion-image-element " style="--awb-caption-title-font-family: var(--h2_typography-font-family); --awb-caption-title-font-weight: var(--h2_typography-font-weight); --awb-caption-title-font-style: var(--h2_typography-font-style); --awb-caption-title-size: var(--h2_typography-font-size); --awb-caption-title-transform: var(--h2_typography-text-transform); --awb-caption-title-line-height: var(--h2_typography-line-height); --awb-caption-title-letter-spacing: var(--h2_typography-letter-spacing);"> <span class=" fusion-imageframe imageframe-none imageframe-8 hover-type-none" style="border-radius: 20px;"></span> </div> </div> </div> </div> </div> <div class="hs-featured-image-wrapper"> <a href="https://guardsix.com/product-updates/hunting-and-remediating-blackcat-ransomware-clone" title="" class="hs-featured-image-link"> <img src="https://logpoint.com/hubfs/Imported_Blog_Media/blackcat-blog-banner-4-1-2.png" alt="Hunting and remediating BlackCat ransomware (Clone)" class="hs-featured-image" style="width:auto !important; max-width:50%; float:left; margin:0 15px 15px 0;"> </a> </div> <p>&nbsp;</p> <div class="fusion-fullwidth fullwidth-box fusion-builder-row-8 fusion-flex-container has-pattern-background has-mask-background nonhundred-percent-fullwidth non-hundred-percent-height-scrolling" style="--awb-border-radius-top-left: 0px; --awb-border-radius-top-right: 0px; --awb-border-radius-bottom-right: 0px; --awb-border-radius-bottom-left: 0px; --awb-flex-wrap: wrap;"> <div class="fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-content-wrap" style="max-width: 1185.6px; margin-left: calc(-4% / 2 ); margin-right: calc(-4% / 2 );"> <div class="fusion-layout-column fusion_builder_column fusion-builder-column-14 fusion_builder_column_1_2 1_2 fusion-flex-column" style="--awb-bg-size: cover; --awb-width-large: 50%; --awb-margin-top-large: 0px; --awb-spacing-right-large: 3.84%; --awb-margin-bottom-large: 20px; --awb-spacing-left-large: 3.84%; --awb-width-medium: 100%; --awb-order-medium: 0; --awb-spacing-right-medium: 1.92%; --awb-spacing-left-medium: 1.92%; --awb-width-small: 100%; --awb-order-small: 0; --awb-spacing-right-small: 1.92%; --awb-spacing-left-small: 1.92%;"> <div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"> <div class="fusion-text fusion-text-14"> <div> <div> <div class="css-2c6ch1"> <p><em><strong>By Anish Bogati and Bibek Thapa Magar; Security Research</strong></em></p> </div> </div> </div> <div class="box"> <h2><span class="inline-highlight active-highlight">TL;DR </span></h2> <p><span class="inline-highlight active-highlight">Known by many names, including ALPHV, AlphaV, ALPHVM, and Noberus, BlackCat ransomware made headlines for its successive attacks on high-profile targets.</span></p> <p><span class="inline-highlight active-highlight">The highest ransom they have demanded so far is $14 million and it’s speculated that it has similarities with ransomware families like Darkside, Blackmatter, and REvil in regard to the tools, filenames, and techniques they use.</span></p> <p><span class="inline-highlight active-highlight">Despite this speculation, Recorded Future’s interview with the representative of BlackCat confirmed that, as yet, there is no connection.</span></p> <p><span class="inline-highlight active-highlight">So far, the ransomware has affected organizations globally, both small and large in size, and from multiple industries including critical infrastructure sectors, such as government agencies, construction, manufacturing, education, insurance, and transportation.</span></p> <p><span class="inline-highlight active-highlight">According to our research, BlackCat has the fourth highest number of victims with 90 known victims.</span></p> <p><span class="inline-highlight active-highlight">Analytics for the top ransomware groups are available for download in guardsix Alert Rules.</span></p> <p><em>*Blog contains detailed analysis and investigation &amp; response via guardsix.</em></p> </div> </div> </div> </div> <div class="fusion-layout-column fusion_builder_column fusion-builder-column-15 fusion_builder_column_1_2 1_2 fusion-flex-column" style="--awb-bg-size: cover; --awb-width-large: 50%; --awb-margin-top-large: 0px; --awb-spacing-right-large: 3.84%; --awb-margin-bottom-large: 20px; --awb-spacing-left-large: 3.84%; --awb-width-medium: 100%; --awb-order-medium: 0; --awb-spacing-right-medium: 1.92%; --awb-spacing-left-medium: 1.92%; --awb-width-small: 100%; --awb-order-small: 0; --awb-spacing-right-small: 1.92%; --awb-spacing-left-small: 1.92%;"> <div class="fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column"> <div class="fusion-image-element " style="--awb-caption-title-font-family: var(--h2_typography-font-family); --awb-caption-title-font-weight: var(--h2_typography-font-weight); --awb-caption-title-font-style: var(--h2_typography-font-style); --awb-caption-title-size: var(--h2_typography-font-size); --awb-caption-title-transform: var(--h2_typography-text-transform); --awb-caption-title-line-height: var(--h2_typography-line-height); --awb-caption-title-letter-spacing: var(--h2_typography-letter-spacing);"> <span class=" fusion-imageframe imageframe-none imageframe-8 hover-type-none" style="border-radius: 20px;"></span> </div> </div> </div> </div> </div> <img src="https://track-eu1.hubspot.com/__ptq.gif?a=3887299&amp;k=14&amp;r=https%3A%2F%2Fguardsix.com%2Fproduct-updates%2Fhunting-and-remediating-blackcat-ransomware-clone&amp;bu=https%253A%252F%252Fguardsix.com%252Fproduct-updates&amp;bvt=rss" alt="" width="1" height="1" style="min-height:1px!important;width:1px!important;border-width:0!important;margin-top:0!important;margin-bottom:0!important;margin-right:0!important;margin-left:0!important;padding-top:0!important;padding-bottom:0!important;padding-right:0!important;padding-left:0!important; "> Emerging Threats guardsix's Blog Wed, 06 May 2026 13:17:32 GMT https://guardsix.com/product-updates/hunting-and-remediating-blackcat-ransomware-clone 2026-05-06T13:17:32Z guardsix