FBI disrupts Blackcat ransomware operation, creates decryption tool

The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys.
On December 7th, BleepingComputer first reported that the ALPHV, aka BlackCat, websites suddenly stopped working, including the ransomware gang's Tor negotiation and data leak sites.
While the ALPHV admin claimed it was a hosting issue, BleepingComputer learned it was related to a law enforcement operation.
Today, the Department of Justice confirmed our reporting, stating that the FBI conducted a law enforcement operation that allowed them to gain access to ALPHV's infrastructure.
With this access, the FBI silently monitored the ransomware operation for months, siphoning decryption keys and sharing them with over 500 victims so that they did not have to pay a ransom for a decryptor.
The FBI says they have created a decryption tool to allow other victims to recover their files for free.
Impacted companies should contact their local FBI field office for information on how to gain access to the decryptor.
The FBI has seized the website URL for the ransomware operation's data leak site, which now displays a seizure message stating that it was seized in an international law enforcement operation.
Ever since the disruption to ALPHV's servers, affiliates have been losing trust in the operation, with BleepingComputer learning that they have been contacting victims directly via email rather than using the gang's Tor negotiation site.
This was likely due to the threat actors believing that the ALPHV infrastructure had been compromised by law enforcement, putting them at risk if they used it.
The LockBit ransomware operation has also seen this disruption as an early holiday gift, telling affiliates they can move to his operation to continue negotiating with victims.
This ransomware operation has operated under multiple names over the years and has been breached by law enforcement each time.
They initially launched as DarkSide in August 2020 and then shut down in May 2021 after facing intense pressure from law enforcement operations caused by the gang's widely publicized attack on Colonial Pipeline.
The ransomware operation later returned as BlackMatter on July 31st but, once again, shut down in November 2021 after Emsisoft exploited a weakness to create a decryptor and servers were seized.
The gang returned again in November 2021, this time under the name BlackCat/ALPHV. Since then, the ransomware gang has constantly evolved its extortion tactics and taking the unusual approach of partnering with English-speaking affiliates.
Due to this law enforcement operation, we will likely see the ransomware gang rebrand again under a different name.
ALPHV ransomware site outage rumored to be caused by law enforcement.
LockBit ransomware now poaching BlackCat, NoEscape affiliates.
Norton Healthcare discloses data breach after May ransomware attack.
HTC Global Services confirms cyberattack after data leaked online.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 19 Dec 2023 14:20:22 +0000


Cyber News related to FBI disrupts Blackcat ransomware operation, creates decryption tool

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
10 months ago Bleepingcomputer.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
10 months ago Bleepingcomputer.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
10 months ago Krebsonsecurity.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
10 months ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
10 months ago Bleepingcomputer.com
#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
10 months ago Cisa.gov
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
10 months ago Securityboulevard.com
FBI Disrupts BlackCat Ransomware Threat Group Activity - The U.S. Justice Department announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group's activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage ...
10 months ago Heimdalsecurity.com
The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
10 months ago Bleepingcomputer.com
LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
10 months ago Bleepingcomputer.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
7 months ago Bleepingcomputer.com
Feds Snarl ALPHV/BlackCat Ransomware Operation - After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network. Experts speculate this could be a wrap for the ransomware group just ...
10 months ago Darkreading.com
BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets - The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool. BlackCat's Tor-based leak website ...
10 months ago Securityweek.com
Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
10 months ago Helpnetsecurity.com
FBI VS. ALPHV/Blackcat: cybergang fights back - Seizure and decryption tool The Department of Justice recently published a press release stating that the FBI, supported by multiple government agencies in Europe, has been able to seize the official website of a cyber gang called BlackCat, also ...
10 months ago Pandasecurity.com
BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks - The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Manchkin enables BlackCat to run on remote systems or encrypt remote Server ...
11 months ago Bleepingcomputer.com
US Gov Disrupts BlackCat Ransomware Operation; FBI Releases Decryption Tool - The US government on Tuesday announced the disruption of the notorious BlackCat ransomware-as-a-service operation and released a decryption tool to help organizations recover hijacked data. The Justice Department said the disruption of BlackCat, also ...
10 months ago Securityweek.com
FBI: Royal ransomware asked 350 victims to pay $275 million - The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. In an update to the original advisory published in March with additional information ...
11 months ago Bleepingcomputer.com
FBI Seized ALPHV/Blackcat Ransomware Dark Web Site - Law enforcement agencies, including the FBI, the U.S. Department of Justice, and several European security organizations working under Europol, have successfully taken down the website belonging to the notorious cybercriminal ALPHV, also known as ...
10 months ago Cybersecuritynews.com
Law Enforcement Confirms BlackCat Take Down, Decryption Key Offered to - The takedown of the ALPHV/BlackCat ransomware group's leak site has been confirmed as a result of global law enforcement action. The FBI is now urging over 500 of the group's victims to come forward to receive a decryption key that will enable them ...
10 months ago Infosecurity-magazine.com
ALPHV ransomware site outage rumored to be caused by law enforcement - A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours. The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today. ...
10 months ago Bleepingcomputer.com
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
11 months ago Wired.com
VX-Underground malware collective framed by Phobos ransomware - A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor. Phobos launched in 2018 in what is believed to be a ransomware-as-a-service derived from the ...
11 months ago Bleepingcomputer.com
Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website - The official leak website of the notorious ransomware group known as BlackCat and Alphv has been offline for days and law enforcement is believed to be behind the takedown. The Tor-based BlackCat/Alphv leak site has been inaccessible since December ...
10 months ago Securityweek.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)