FBI Disrupts BlackCat Ransomware Threat Group Activity

The U.S. Justice Department announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group's activity.
The FBI offered a decryption tool to more than 500 affected victims.
They also encourage potentially unknown BlackCat/ ALPHV victims to speak up.
While the event is largely discussed across the cybersecurity world, I'll resume the essential facts about what happened.
BlackCat, aka ALPHV, and Noberus appeared in December 2021 and became the second most productive ransomware-as-a-service.
It has developers that create ransomware and a spreading infrastructure, while affiliates target and attack victims.
They steal sensitive data before encryption, then demand ransom for decryption.
If victims refuse to pay, BlackCat publishes the stolen data on a dark web leak site.
According to FBI, during the last three months alone ALPHV Blackcat affiliates have compromised over 1000 entities.
The attackers asked for more than $500 million total ransom.
With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online.
We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.
BlackCat is still operating, so they'll probably keep launching ransomware attacks.
On December 19th, CISA and FBI issued a joint advisory announcing they have updated the FBI FLASH BlackCat/ALPHV Ransomware Indicators of Compromise.
The document was initially released on April 19th, 2022.
The advisory also contains safety recommendations against ransomware.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you'll actually want to read directly in your inbox.


This Cyber News was published on heimdalsecurity.com. Publication date: Wed, 20 Dec 2023 21:43:04 +0000


Cyber News related to FBI Disrupts BlackCat Ransomware Threat Group Activity

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
1 year ago Krebsonsecurity.com
#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
1 year ago Cisa.gov
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
1 year ago Bleepingcomputer.com LockBit Noescape
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
1 year ago Securityboulevard.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
1 year ago Bleepingcomputer.com LockBit Noescape
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
8 months ago Securelist.com
FBI Disrupts BlackCat Ransomware Threat Group Activity - The U.S. Justice Department announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group's activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage ...
1 year ago Heimdalsecurity.com
Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
1 year ago Helpnetsecurity.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
Feds Snarl ALPHV/BlackCat Ransomware Operation - After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network. Experts speculate this could be a wrap for the ransomware group just ...
1 year ago Darkreading.com
BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks - The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Manchkin enables BlackCat to run on remote systems or encrypt remote Server ...
1 year ago Bleepingcomputer.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com LockBit Noescape
FBI Seized ALPHV/Blackcat Ransomware Dark Web Site - Law enforcement agencies, including the FBI, the U.S. Department of Justice, and several European security organizations working under Europol, have successfully taken down the website belonging to the notorious cybercriminal ALPHV, also known as ...
1 year ago Cybersecuritynews.com
NCC Group records the most ransomware victims ever in 2023 - While coordinated law enforcement action and government initiatives helped in the fight against ransomware last year, NCC Group still recorded an 84% increase in attacks during 2023. The report included data from NCC Group's Cyber Incident Response ...
1 year ago Techtarget.com Rocke 8base LockBit BianLian Medusa
Top 10 Notorious Ransomware Gangs of 2023 - By employing a multitude of advanced techniques like double extortion along with other illicit tactics, ransomware groups are continually evolving at a rapid pace. Here below, we have mentioned all the types of ransomware used by the threat actors ...
1 year ago Cybersecuritynews.com LockBit BianLian Everest Ragnar Locker Black Basta
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
1 year ago Bleepingcomputer.com LockBit Noescape
FBI VS. ALPHV/Blackcat: cybergang fights back - Seizure and decryption tool The Department of Justice recently published a press release stating that the FBI, supported by multiple government agencies in Europe, has been able to seize the official website of a cyber gang called BlackCat, also ...
1 year ago Pandasecurity.com
Law Enforcement Confirms BlackCat Take Down, Decryption Key Offered to - The takedown of the ALPHV/BlackCat ransomware group's leak site has been confirmed as a result of global law enforcement action. The FBI is now urging over 500 of the group's victims to come forward to receive a decryption key that will enable them ...
1 year ago Infosecurity-magazine.com LockBit
Feds seize AlphV/BlackCat domain but gang powers on The Register - The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign. It believes the decryptor, which will allow victims to recover from ransomware for free, will prevent $68 ...
1 year ago Go.theregister.com