{"id":53721,"date":"2023-09-18T13:18:21","date_gmt":"2023-09-18T13:18:21","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35024\/BlackCat-ALPHV-Reportedly-Encrypted-More-Than-100-MGM-ESXi-Hypervisors.html"},"modified":"2023-09-18T13:18:21","modified_gmt":"2023-09-18T13:18:21","slug":"blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/","title":{"rendered":"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0915_mgm.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Two important pieces of news broke late Thursday on the MGM-Caesars breach that has plagued the two Las Vegas hotels all week.<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/mgm-casinos-esxi-servers-allegedly-encrypted-in-ransomware-attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">BleepingComputer reported<\/a> that the BlackCat\/ALPHV ransomware group responsible for the attacks claimed they infiltrated MGM\u2019s infrastructure since last Friday and encrypted more than 100 ESXi hypervisors.<\/p>\n<p>BlackCat reportedly said that they exfiltrated data from the network and maintain access to some of MGM\u2019s infrastructure, threatening to deploy new attacks unless MGM finally agrees to pay a ransom.<\/p>\n<p>Reports earlier this week indicated that negotiations between MGM and BlackCat\/ALPHV have been ongoing. It was <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2023-09-13\/caesars-entertainment-paid-millions-in-ransom-in-recent-attack#xj4y7vzkg\" target=\"_blank\" rel=\"noreferrer noopener\">also reported by Bloomberg that Caesars paid millions of dollars<\/a> in ransom.<\/p>\n<p>The hackers said that the only action they saw from MGM in response to the breach was that MGM disconnected their Okta Sync servers after learning that BlackCat\/ALPHV had been lurking on their Okta Agent servers. Despite MGM shutting down the Okta servers, the hackers said in their statement they continue to be present on the MGM network.<\/p>\n<p>Nick&nbsp;Hyatt,&nbsp;cyber practice leader at Optiv, explained that as major organizations have moved to virtualization over the past decade, more and more of their technology has moved from bare metal machines to virtualized servers. By encrypting ESXi servers, Hyatt said threat actors can cripple functionality \u2014 encrypting the host server essentially disables all the virtualized servers in one fell swoop.<\/p>\n<p>\u201cThis is not a new tactic, but it\u2019s efficient,\u201d said Hyatt. \u201cAs we see threat actor groups like this focus more on efficiency and payouts rather than causing carnage, organizations must rely on defense-in-depth and ensuring mission-critical applications are protected by multiple layers of defense and redundancy. It\u2019s an expensive problem, but in the long run results in a more secure environment.\u201d<\/p>\n<p>Callie Guenther, senior manager, cyber threat research at Critical Start, added that the evolving modus operandi of this group, particularly their use of social engineering attacks and the <a href=\"https:\/\/www.scmagazine.com\/news\/tactics-of-mgm-caesars-attackers-were-known-for-several-months\">Bring Your Own Vulnerable Driver (BYOVD<\/a>) strategy that gives them elevated Windows privileges, underlines the multifaceted nature of the cyber threat environment.<\/p>\n<p>\u201cThis combination of data encryption and the threat of its release is a stark reminder of the multi-dimensional challenges businesses face when dealing with ransom attacks,\u201d said Guenther. \u201cThe alleged continuous access the attackers claim to have, even after their initial breach, underscores the importance of thorough post-incident investigations. The supposed demographic profile of these threat actors \u2014 primarily young English-speakers \u2014 serves as a poignant reminder that cyber adversaries can emerge from virtually any quarter.\u201d<\/p>\n<p>Guenther said when her team analyzed the information about the Okta breaches, especially as it relates to MGM and Caesars, they saw a different, but connected, phase of the attack chain. Guenther said Okta&#8217;s compromise appears centered around social engineering attacks against IT service desk personnel to reset MFA factors for highly-privileged users.<\/p>\n<p>\u201cOnce attackers gain Super Administrator rights in Okta, they can potentially leverage these rights to further penetrate the organization&#8217;s network,\u201d explained Guenther. \u201cThis can include gaining escalated privileges on Windows systems. The \u2018novel methods of lateral movement and defense evasion\u2019 mentioned in the Okta report likely pertain to this. With the right permissions, they could gain access to critical systems, including those managing virtual environments like ESXi hypervisors.\u201d<\/p>\n<p>Guenther added that gaining control over ESXi hypervisors offers the attackers immense power over VMs. She said they could encrypt these VMs for ransom, as evidenced by the BlackCat\/ALPHV ransomware attack on MGM.<\/p>\n<p>\u201cMost organizations run a significant number of their applications and databases on Windows-based VMs under ESXi hypervisors,\u201d said Guenther. \u201cIf attackers exploit ESXi, and consequently the VMs, they essentially have control over these Windows systems. This can lead to further data theft, system disruptions, and other malicious activities. In essence, the Okta breaches can be viewed as an entry or pivot point. Once attackers gain significant privileges via tools like Okta, they can move laterally, escalate their privileges on critical systems like Windows servers, and then exploit high-value targets like ESXi hypervisors.\u201d<\/p>\n<h2>BlackCat\/ALPHV affiliate responsible for MGM attack?<\/h2>\n<p>For those confused over which groups are responsible for the MGM and Caesars attacks, SC Media covered this in Thursday\u2019s report in which&nbsp;Michael Sikorski, vice president of engineering and CTO at Palo Alto Networks Unit 42, explained that BlackCat\/ALPHV has made the group Unit 42 calls &#8220;Muddled Libra&#8221; (aka Scattered Spider\/UNC3944) an affiliate.<\/p>\n<p>To make life even murkier, in today\u2019s BleepingComputer story, BlackCat\/ALPHV did not directly confirm that Scattered Spider carried out the MGM attack, but they did confirm that it was one of their affiliates.<\/p>\n<p>\u201cBlackCat gives affiliates access to their \u201ckit\u201d which includes the ransomware, support, negotiations, and access to their leak site,\u201d Sikorski told SC Media. \u201cThis also lets Muddled Libra put additional pressures on their targets, and continue to find new revenue streams.\u201d<\/p>\n<p>In other news around this story, Mandiant Google Cloud posted a <a href=\"https:\/\/www.mandiant.com\/resources\/blog\/unc3944-sms-phishing-sim-swapping-ransomware\" target=\"_blank\" rel=\"noreferrer noopener\">detailed blog<\/a> that explained the genesis of Scattered Spider, what Mandiant calls UNC3944. In the blog, Mandiant explained that UNC3944 is a financially-motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns to obtain credentials as means to gaining and escalating access to victim organization.<\/p>\n<p>While thorough and informative, the Mandiant Google Cloud post does not make a direct connection to UNC3944 and the MGM-Caesars incidents.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35024\/BlackCat-ALPHV-Reportedly-Encrypted-More-Than-100-MGM-ESXi-Hypervisors.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53722,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9707],"class_list":["post-53721","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerprivacymalwarecybercrimedata-lossfraudcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-18T13:18:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0915_mgm.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"BlackCat\\\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors\",\"datePublished\":\"2023-09-18T13:18:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/\"},\"wordCount\":900,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg\",\"keywords\":[\"headline,hacker,privacy,malware,cybercrime,data loss,fraud,cryptography\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/\",\"name\":\"BlackCat\\\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg\",\"datePublished\":\"2023-09-18T13:18:21+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/09\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg\",\"width\":1195,\"height\":805},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,privacy,malware,cybercrime,data loss,fraud,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerprivacymalwarecybercrimedata-lossfraudcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"BlackCat\\\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/","og_locale":"en_US","og_type":"article","og_title":"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-09-18T13:18:21+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/09\/0915_mgm.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors","datePublished":"2023-09-18T13:18:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/"},"wordCount":900,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg","keywords":["headline,hacker,privacy,malware,cybercrime,data loss,fraud,cryptography"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/","url":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/","name":"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg","datePublished":"2023-09-18T13:18:21+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/09\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors.jpg","width":1195,"height":805},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/blackcat-alphv-reportedly-encrypted-more-than-100-mgm-esxi-hypervisors\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,privacy,malware,cybercrime,data loss,fraud,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerprivacymalwarecybercrimedata-lossfraudcryptography\/"},{"@type":"ListItem","position":3,"name":"BlackCat\/ALPHV Reportedly Encrypted More Than 100 MGM ESXi Hypervisors"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53721","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53721"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53721\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53722"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53721"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53721"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53721"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}