CyberSecurityBoard
Sponsor Register Login

ALPHV ransomware site outage rumored to be caused by law enforcement

A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours.
The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today.
BleepingComputer has also confirmed that unique Tor negotiation URLs shared with victims in ransom notes are also down, indicating a disruption to the ransomware gang's public-facing infrastructure and a halt to ongoing negotiations.
The Tox status for the Admin claims that the operation is repairing their servers but they have not answered questions about what happened.
BleepingComputer suspects that the ransomware gang may have suffered potential law enforcement action after their recent activities, which was also hinted at by others.
When the FBI breached REvil's servers, they obtained the decryption keys for the victims of the Kaseya ransomware attack.
BleepingComputer contacted the FBI about the ALPHV website disruption, but a reply was not immediately available.
The ALPHV/BlackCat ransomware operation is believed to be a rebrand of the DarkSide gang.
The operation launched in 2020 and quickly rose to prominence over the next year.
After attacking the Colonial Pipeline, the ransomware gang faced intense scrutiny by the US government and international law enforcement, ultimately leading to the seizure of their infrastructure and the operation shutting down.
Only a few months later, the ransomware gang returned, this time under the name BlackMatter.
The managers of this operation claimed in an interview that they were affiliates of the DarkSide operation and not the original leaders.
Only a short four months later, BlackMatter shut down its operation in November 2021 after claiming to be under pressure from law enforcement.
In February 2022, the ransomware gang returned again, this time under the name ALPHV, also known as BlackCat, for an image used on their Tor negotiation sites.
While this rebrand started out like most ransomware gangs, targeting companies in extortion attacks worldwide, they have expanded their operations by partnering with English-speaking affiliates and targeting critical infrastructure, such as hospitals and water suppliers.
Due to this, it was only a matter of time until they again felt the scrutiny of law enforcement, whether it be this disruption or a future one.
Ragnar Locker ransomware's dark web extortion sites seized by police.
Tipalti investigates claims of data stolen in ransomware attack.
Healthcare giant Henry Schein hit twice by BlackCat ransomware.
MGM casino's ESXi servers allegedly encrypted in ransomware attack.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 08 Dec 2023 18:35:19 +0000


Cyber News related to ALPHV ransomware site outage rumored to be caused by law enforcement

The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
6 months ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
6 months ago Bleepingcomputer.com
ALPHV ransomware site outage rumored to be caused by law enforcement - A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours. The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today. ...
6 months ago Bleepingcomputer.com
#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
6 months ago Cisa.gov
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
6 months ago Bleepingcomputer.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
6 months ago Bleepingcomputer.com
Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
7 months ago Darkreading.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
6 months ago Bleepingcomputer.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
6 months ago Bleepingcomputer.com
LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
6 months ago Bleepingcomputer.com
Norton Healthcare discloses data breach after May ransomware attack - Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and ...
6 months ago Bleepingcomputer.com
A Major Ransomware Takedown Suffers a Strange Setback - Part of the reason for law enforcement's delay in attempting to take down Alphv's infrastructure may have been an ongoing investigation into the actors behind the group. The takedown effort involved collaboration and parallel investigations from ...
6 months ago Wired.com
ALPHV claims cyberattacks on Prudential Financial, LoanDepot The Register - The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them. Neither company has had any of their stolen data leaked at this stage, ...
4 months ago Go.theregister.com
ALPHV ransomware claims loanDepot, Prudential Financial breaches - The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. The two companies were added to ALPHV's dark web leak site today, with the threat ...
4 months ago Bleepingcomputer.com
The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
6 months ago Securityboulevard.com
Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
4 months ago Malwarebytes.com
US offers up to $15 million for tips on ALPHV ransomware gang - The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. An additional $5 million bounty is also available for tips on individuals ...
4 months ago Bleepingcomputer.com
Understanding the Seizure of Dark Web Sites Linked to the Hive Ransomware - Recently, law enforcement seized several dark web sites linked to the Hive ransomware. The Hive ransomware is a potent form of malware that cybercriminals use to target organizations and individual computer users in order to demand a ransom for ...
1 year ago Bleepingcomputer.com
Feds Snarl ALPHV/BlackCat Ransomware Operation - After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network. Experts speculate this could be a wrap for the ransomware group just ...
6 months ago Darkreading.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
3 months ago Bleepingcomputer.com
Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
6 months ago Helpnetsecurity.com
ALPHV/BlackCat Takedown Appears to Be Law Enforcement Related - A Dark Web leak site known to be operated by the notorious ransomware group APLHV/BlackCat was taken offline on Dec. 7 and now threat intelligence experts have confirmed the outage is part of law enforcement action against the group. Dark Reading has ...
6 months ago Darkreading.com
Law enforcement conducts 'largest ever' botnet takedown - In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks. Europol on Thursday announced that an international law enforcement action, ...
1 month ago Techtarget.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
6 months ago Techrepublic.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)