Feds seize AlphV/BlackCat domain but gang powers on - The Register

The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign.
It believes the decryptor, which will allow victims to recover from ransomware for free, will prevent $68 million in ransom payments from being made.
The announcement comes hours after BlackCat's old leak site was defaced with a seizure notice indicating an FBI-led operation was responsible for bringing it down.
Seizure notice placed by the FBI on AlphV/BlackCat's old leak site.
The operation was carried out in partnership with authorities from the UK, Australia, and Europol, who have together said those who come forward with information about BlackCat, its affiliates, or its activities, may be eligible for a reward.
The ransomware giant's most recent website remains operational and has posted new victims in the past few hours at the time of writing, which raises questions about the extent to which the disruption campaign has achieved its objectives.
It's a confusing turn of events that leaves the state of AlphV/BlackCat's survival up in the air.
The Register is expecting further input from the UK's National Crime Agency and will update the article when new information becomes available.
Speaking to vx-underground, a group that collects malware source code and samples, an AlphV/BlackCat spokesperson said it's in the process of moving its servers and leak blog.
The seizure follows a rare period of downtime for the ransomware gang's leak blog that started on December 7 and persisted for more than two days before coming back with all victims erased.
The domain has not changed, but Yelisey Bohuslavskiy, chief research officer at threat intelligence company RedSense, said at the time that BlackCat's affiliates and initial access brokers were convinced the outage was caused by a law enforcement takedown.
Bohuslavskiy went on to say that leaders at rival ransomware outfits were of the same opinion, before highlighting the lack of an explanation provided by BlackCat.
Brett Callow, threat analyst at Emsisoft, told The Register that the seizure likely marks the end of the AlphV group as the industry knows it, but like others before, the group will probably return under a new guise.


This Cyber News was published on go.theregister.com. Publication date: Tue, 19 Dec 2023 16:43:05 +0000


