The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign.
It believes the decryptor, which will allow victims to recover from ransomware for free, will prevent $68 million in ransom payments from being made.
The announcement comes hours after BlackCat's old leak site was defaced with a seizure notice indicating an FBI-led operation was responsible for bringing it down.
Seizure notice placed by the FBI on AlphV/BlackCat's old leak site.
The operation was carried out in partnership with authorities from the UK, Australia, and Europol, who have jointly said that those who come forward with information about BlackCat, its affiliates, or its activities may be eligible for a reward.
The ransomware giant's most recent website remains operational and, at the time of writing, has posted new victims in the past few hours, which raises questions about the extent to which the disruption campaign has achieved its objectives.
It's a confusing turn of events that leaves the state of AlphV/BlackCat's survival up in the air.
The Register is expecting further input from the UK's National Crime Agency and will update the article when new information becomes available.
Speaking to vx-underground, a group that collects malware source code and samples, an AlphV/BlackCat spokesperson said it's in the process of moving its servers and leak blog.
The seizure follows a rare period of downtime for the ransomware gang's leak blog that started on December 7 and persisted for more than two days before coming back with all victims erased.
The domain has not changed but Yelisey Bohuslavkiy, chief research officer at threat intelligence company RedSense, said at the time that BlackCat's affiliates and initial access brokers were convinced the outage was caused by a law enforcement takedown.
Bohuslavkiy went on to say that leaders at rival ransomware outfits were also of the same opinion before he highlighted the lack of an explanation provided by BlackCat.
Brett Callow, threat analyst at Emsisoft, told The Register that the seizure likely marks the end of the AlphV group as the industry knows it, but like others before, the group will probably return under a new guise.
This Cyber News was published on go.theregister.com. Publication date: Tue, 19 Dec 2023 16:43:05 +0000