BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement

Despite law enforcement efforts to take-down the notorious ALPHV/BlackCat ransomware gang the threat actors are not going down without a fight.
Latest developments have shown that the site that was supposedly 'taken down' by the FBI has now been 'unseized.
The US Department of Justice announced a technical operation against BlackCat on December 19, this was accompanied by a notice on the groups website stating its seizure by the FBI. However, some hours later, the group responded with its own notice on the original main leak site.
West explained that in theory two entities can hold the same private key by accident if hostnames clash, but the chances of this are mathematically remote, and both the FBI warrant and BlackCat's commentary alludes to the employment of an insider.
Secureworks noted that on December 13, the group published the first victim to its new leak site.
As of December 19, five victims were posted to the new site, demonstrating the group retained some operational capacity.
The notice BlackCat posted on the original main leak site was accompanied by a link to a new blog site and a Russian-language announcement that acknowledged the FBI's action and threatened retribution.
In a translation of the message the ransomware gang stated that because of the actions of law enforcement 'new rules' were being introduced which allows for ALPHV affiliates to target critical infrastructure including hospitals and nuclear power plants.
Mitchell concurred with this sentiment, stating that the group has a documented history of attacking healthcare and energy infrastructure targets already.
The ransomware gang has also moved to cut the cost of working with them and has banned discounts to companies it has exploited - payment is strictly the amount indicated by the criminals.
It is notable that, at the time of writing, there is no evidence of arrests being made relating to members of the group.
Mitchell said this means the long-term effects of the disruption activity might be limited.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 20 Dec 2023 13:00:27 +0000

Cyber News related to BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement

#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
6 months ago Cisa.gov

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
6 months ago Bleepingcomputer.com

FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
6 months ago Bleepingcomputer.com

The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
6 months ago Bleepingcomputer.com

BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
6 months ago Krebsonsecurity.com

Law Firms and Legal Departments Get Singled Out For Cyberattacks - Cyberattackers are doubling down on their attacks against law firms and corporate legal departments, moving beyond their historical activity of hacking and leaking secrets to targeting the sector with financial attacks, such as ransomware and ...
7 months ago Darkreading.com

Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
6 months ago Helpnetsecurity.com

BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets - The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool. BlackCat's Tor-based leak website ...
6 months ago Securityweek.com

DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
6 months ago Securityboulevard.com

ALPHV ransomware site outage rumored to be caused by law enforcement - A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours. The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today. ...
6 months ago Bleepingcomputer.com

BlackCat Rises: Infamous Ransomware Gang Defies Law Enforcement - Despite law enforcement efforts to take-down the notorious ALPHV/BlackCat ransomware gang the threat actors are not going down without a fight. Latest developments have shown that the site that was supposedly 'taken down' by the FBI has now been ...
6 months ago Infosecurity-magazine.com

Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
3 months ago Bleepingcomputer.com

Feds Snarl ALPHV/BlackCat Ransomware Operation - After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network. Experts speculate this could be a wrap for the ransomware group just ...
6 months ago Darkreading.com

Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website - The official leak website of the notorious ransomware group known as BlackCat and Alphv has been offline for days and law enforcement is believed to be behind the takedown. The Tor-based BlackCat/Alphv leak site has been inaccessible since December ...
6 months ago Securityweek.com

The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
6 months ago Bleepingcomputer.com

LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
6 months ago Bleepingcomputer.com

Law Enforcement Confirms BlackCat Take Down, Decryption Key Offered to - The takedown of the ALPHV/BlackCat ransomware group's leak site has been confirmed as a result of global law enforcement action. The FBI is now urging over 500 of the group's victims to come forward to receive a decryption key that will enable them ...
6 months ago Infosecurity-magazine.com

BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks - The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Manchkin enables BlackCat to run on remote systems or encrypt remote Server ...
7 months ago Bleepingcomputer.com

How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
6 months ago Bleepingcomputer.com

FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
6 months ago Bleepingcomputer.com

The Top 5 Ransomware Takedowns - Learn about the recent achievements in the fight against ransomware as law enforcement agencies and cybersecurity organizations successfully disrupt operations, seize infrastructure, and safeguard victims from further attacks. Trigona ransomware, a ...
6 months ago Securityboulevard.com

Healthcare giant Henry Schein hit twice by BlackCat ransomware - American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. Henry Schein is a Fortune 500 healthcare products and services provider with ...
7 months ago Bleepingcomputer.com

Ragnar Locker ransomware developer arrested in France - Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation. Authorities from France, the Czech Republic, Germany, Italy, Latvia, the ...
7 months ago Bleepingcomputer.com

How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
6 months ago Techtarget.com

Feds seize AlphV/BlackCat domain but gang powers on The Register - The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign. It believes the decryptor, which will allow victims to recover from ransomware for free, will prevent $68 ...
6 months ago Go.theregister.com

Latest Cyber News

CVE-2024-37528 - 3 hours ago
CVE-2024-31897 - 3 hours ago
CVE-2024-38330 - 4 hours ago
CVE-2024-39723 - 5 hours ago
CVE-2024-5711 - 6 hours ago
CVE-2024-6539 - 7 hours ago
CVE-2024-6229 - 14 hours ago
CVE-2024-40614 - 15 hours ago
CVE-2024-40605 - 1 day ago
CVE-2024-40604 - 1 day ago
CVE-2024-40603 - 1 day ago
CVE-2024-40602 - 1 day ago
CVE-2024-40601 - 1 day ago
CVE-2024-40600 - 1 day ago
CVE-2024-40599 - 1 day ago
CVE-2024-40598 - 1 day ago
CVE-2024-40596 - 1 day ago
CVE-2024-40597 - 1 day ago
CVE-2024-6095 - 1 day ago
CVE-2024-37554 - 1 day ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 7 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-5711 - 6 hours ago
CVE-2024-39723 - 5 hours ago
CVE-2024-38330 - 4 hours ago
CVE-2024-37528 - 3 hours ago
CVE-2024-31897 - 3 hours ago
CVE-2024-6539 - 7 hours ago
CVE-2024-6229 - 14 hours ago
CVE-2024-40614 - 15 hours ago
CVE-2024-40605 - 1 day ago
CVE-2024-40604 - 1 day ago
CVE-2024-40603 - 1 day ago
CVE-2024-40602 - 1 day ago
CVE-2024-40601 - 1 day ago
CVE-2024-40600 - 1 day ago
CVE-2024-40599 - 1 day ago
CVE-2024-40598 - 1 day ago
CVE-2024-40596 - 1 day ago
CVE-2024-40597 - 1 day ago
CVE-2024-6095 - 1 day ago
CVE-2024-37553 - 1 day ago