BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets

The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool.
BlackCat's Tor-based leak website became inaccessible on December 7, sparking theories that the cybercrime operation may have been targeted by law enforcement.
While the hackers initially described the outage as the result of a hardware failure, the US government confirmed on Tuesday that a law enforcement operation supported by several allies was responsible for the seizure of several websites used by BlackCat.
The Justice Department said the ransomware group targeted more than 1,000 entities, but through its recent efforts it managed to create a decryption tool that could help more than 500 victims restore their systems without paying a ransom.
The cybercriminals announced setting up a new leak website, which currently displays the names of six alleged victims.
They posted a message in Russian describing the steps they are taking in retaliation.
The group said only CIS countries, which include Russia and some of its neighbors, are now off limits, with affiliates being allowed to target any type of organization in any other country, including nuclear power plants and hospitals.
The group previously vowed not to target hospitals and emergency services.
The cybercriminals also attempted to downplay the impact of the law enforcement operation, saying that only decryption keys for the last month and a half were obtained, which can be used by roughly 400 companies, but said more than 3,000 other victims will never be able to recover files.
They will stop offering victims any discounts on the ransom amount.
Instead, they possess a signing key that enables them to assign the.
Both the cybercriminals and the FBI appear to have the key, and in the past 24 hours they have taken turns controlling what is displayed on the domain previously used by BlackCat to name and shame victims.
The hackers claimed that, based on the information made public by the Justice Department, authorities gained access to only one of their data centers, either by hacking the hosting provider or by getting it to help out.
A warrant shows that investigators obtained - with the help of an informant who applied to an ad for a BlackCat affiliate position - credentials giving them access to panels used by affiliates and developers to communicate and manage attacks.
As part of the operation, law enforcement obtained 946 Tor public/private key pairs giving them access to victim communication sites, sites hosting stolen victim data, and affiliate panels.
The news of law enforcement accessing affiliate panels could drive away many of the BlackCat affiliates.
In an effort to prevent an exodus, the cybercriminals announced that affiliates will be allowed to retain 90% of the ransom payments they get, with 'VIP' affiliates being offered a private program on separate, isolated data centers.
Security expert Will Thomas also believes affiliates will switch to LockBit and other ransomware-as-a-service operations, and predicts that BlackCat will likely take a break and rebrand.
LockBit has even invited BlackCat ransomware developers to collaborate on source code.
The US government is offering up to $10 million in rewards for information on BlackCat operators or their affiliates.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 20 Dec 2023 15:43:05 +0000

