The U.S. Justice Department announced on December 19th that the Federal Bureau of Investigation had disrupted the BlackCat ransomware threat group's activity.
The FBI offered a decryption tool to more than 500 affected victims.
The agency also encourages BlackCat/ALPHV victims who have not yet come forward to speak up.
While the event is widely discussed across the cybersecurity world, I'll summarize the essential facts about what happened.
BlackCat, aka ALPHV and Noberus, appeared in December 2021 and became the second most productive ransomware-as-a-service.
Its developers create the ransomware and the infrastructure for spreading it, while affiliates target and attack victims.
They steal sensitive data before encryption, then demand ransom for decryption.
If victims refuse to pay, BlackCat publishes the stolen data on a dark web leak site.
According to the FBI, during the last three months alone ALPHV BlackCat affiliates have compromised over 1000 entities.
The attackers asked for more than $500 million total ransom.
With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online.
We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.
BlackCat is still operating, so they'll probably keep launching ransomware attacks.
On December 19th, CISA and the FBI issued a joint advisory announcing they had updated the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise.
The document was initially released on April 19th, 2022.
The advisory also contains safety recommendations against ransomware.
This Cyber News was published on heimdalsecurity.com. Publication date: Wed, 20 Dec 2023 21:43:04 +0000