FBI VS. ALPHV/Blackcat: cybergang fights back

Seizure and decryption tool The Department of Justice recently published a press release stating that the FBI, supported by multiple government agencies in Europe, has been able to seize the official website of a cyber gang called BlackCat, also known as ALPHV and Noberus.
The criminal organization and its affiliates are responsible for some of the most high-profile cyber-attacks in the USA in 2023.
Their illegal actions have caused damages worth hundreds of millions of dollars.
The government agency not only managed to take the website down but also released a free decryption tool.
This tool helps organizations deal with files infected by the ransomware-as-a-service group.
The FBI-developed tool has been able to help hundreds of affected organizations worldwide, saving approximately $68 million in ransom requests.
FBI also stated they have gained visibility into the cyber gang's computer network.
The government believes such steps could eventually dismantle the ecosystem that fuels this ransomware cybercrime.
Sadly, cyber organizations often tend to move faster than law enforcement agencies, as BlackCat adapted pretty quickly to the new rules set by the FBI. Bleeping Computer reported that BlackCat has managed to 'reseize' its website multiple times.
The ransomware group's website isn't in operation as the FBI and BlackCat go back and forth, claiming the URL from each other.
It is unknown if this battle will end soon, but the criminal organization might have to rebrand to continue operating.
BlackCat has started promoting a new URL as their future home.
In a statement to Bleeping Computer, the hackers also said that they no longer avoid critical infrastructure and now allow their affiliates to target any organization they want, including power plants and hospitals.
The only organizations that appear to be safe from hacker attacks are companies located in countries that used to belong to the now-defunct Soviet Union.
The hacker organization also claimed that the actions of the FBI might have saved hundreds of organizations but have also caused thousands of others never to receive a decryption key, even if ransom demands are met.
Ransomware-as-a-service operators continue to be a threat.
Even though Western law enforcement agencies sometimes manage to take them down.
Real criminals are rarely captured and held to justice so they simply resurface under a new brand name.
The criminals are also often located in countries that are not very cooperative when it comes to requests from the USA justice system and its allies.
With hackers saying that their malicious code could be deployed anywhere and on anyone, having reliable antivirus software on all connected devices is an absolute must.


This Cyber News was published on www.pandasecurity.com. Publication date: Tue, 02 Jan 2024 13:13:05 +0000


Cyber News related to FBI VS. ALPHV/Blackcat: cybergang fights back

#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
1 year ago Cisa.gov
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
1 year ago Krebsonsecurity.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
1 year ago Bleepingcomputer.com
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
1 year ago Bleepingcomputer.com
FBI VS. ALPHV/Blackcat: cybergang fights back - Seizure and decryption tool The Department of Justice recently published a press release stating that the FBI, supported by multiple government agencies in Europe, has been able to seize the official website of a cyber gang called BlackCat, also ...
11 months ago Pandasecurity.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
11 months ago Bleepingcomputer.com
Feds Snarl ALPHV/BlackCat Ransomware Operation - After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network. Experts speculate this could be a wrap for the ransomware group just ...
1 year ago Darkreading.com
Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
1 year ago Helpnetsecurity.com
FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
1 year ago Bleepingcomputer.com
FBI Disrupts BlackCat Ransomware Threat Group Activity - The U.S. Justice Department announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group's activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage ...
1 year ago Heimdalsecurity.com
Feds seize AlphV/BlackCat domain but gang powers on The Register - The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign. It believes the decryptor, which will allow victims to recover from ransomware for free, will prevent $68 ...
1 year ago Go.theregister.com
LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
1 year ago Bleepingcomputer.com
DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
1 year ago Securityboulevard.com
FBI Seized ALPHV/Blackcat Ransomware Dark Web Site - Law enforcement agencies, including the FBI, the U.S. Department of Justice, and several European security organizations working under Europol, have successfully taken down the website belonging to the notorious cybercriminal ALPHV, also known as ...
1 year ago Cybersecuritynews.com
ALPHV claims cyberattacks on Prudential Financial, LoanDepot The Register - The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them. Neither company has had any of their stolen data leaked at this stage, ...
10 months ago Go.theregister.com
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com
US offering $15m for info on ALPHV/Blackcat ransomware crew The Register - Infosec in brief The US government is offering bounties up to $15 million as a reward for anyone willing to help it take out the APLHV/Blackcat ransomware gang. ALPHV has made a habit of going after critical infrastructure targets, and last week ...
10 months ago Go.theregister.com
Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website - The official leak website of the notorious ransomware group known as BlackCat and Alphv has been offline for days and law enforcement is believed to be behind the takedown. The Tor-based BlackCat/Alphv leak site has been inaccessible since December ...
1 year ago Securityweek.com
BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks - The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Manchkin enables BlackCat to run on remote systems or encrypt remote Server ...
1 year ago Bleepingcomputer.com
FBI's latest defense of warrantless S. 702 snooping is China The Register - Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government. Wray cited an example he's used previously about how, last ...
10 months ago Go.theregister.com
ALPHV ransomware claims loanDepot, Prudential Financial breaches - The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. The two companies were added to ALPHV's dark web leak site today, with the threat ...
10 months ago Bleepingcomputer.com
Law Enforcement Confirms BlackCat Take Down, Decryption Key Offered to - The takedown of the ALPHV/BlackCat ransomware group's leak site has been confirmed as a result of global law enforcement action. The FBI is now urging over 500 of the group's victims to come forward to receive a decryption key that will enable them ...
1 year ago Infosecurity-magazine.com
BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets - The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool. BlackCat's Tor-based leak website ...
1 year ago Securityweek.com
ALPHV/BlackCat Ransomware Gang Targets Businesses Via Google Ads - The notorious ALPHV/BlackCat ransomware has been observed using Google Ads to distribute malware. The gang, responsible for the $100m MGM Resorts breach and leaking sensitive images of breast cancer patients, has expanded its attack methods to ...
1 year ago Infosecurity-magazine.com
LockBit is Recruiting Members of ALPHV/BlackCat and NoEscape Ransomware Outfit - Recruiting affiliates and developers from the troubled BlackCat/ALPHV and NoEscape ransomware operations is one of the calculated steps being taken by the LockBit ransomware group. An ideal opportunity emerged for LockBit to expand its network due to ...
1 year ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)