Feds Snarl ALPHV/BlackCat Ransomware Operation

After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network.
Experts speculate this could be a wrap for the ransomware group just in time for the holidays - sending its leadership into retirement and affiliates to try and find a new operator.
The FBI is also offering a free decryptor that it developed to help the more than 500 ALPHV/BlackCat victims it has identified to recover their systems.
According to the FBI warrant to search BlackCat property, unsealed today along with a DoJ announcement on the takedown, law enforcement was able to infiltrate the BlackCat operation with help from a confidential human source who applied with the group to become an affiliate.
The informant was granted credentials to the ransomware group's dashboard used to manage breaches, extortion demands, and payments, giving law enforcement a way into the operation, the warrant said.
It could be that the cops were working another angle.
Yelisey Bohuslavskiy, chief research officer with RedSense, was among the first to publicly confirm that the BlackCat system outages were the result of law enforcement efforts, back on Dec. 8.
There's also the goal of undermining profitability for cybercrime gangs.
McPherson added that law-enforcement organizations accept that it might not be realistic to expect a takedown to totally dismantle sophisticated cybercrime rings like BlackCat.
Successful disruption of a group like BlackCat also signals to both current and potential victims that when they are breached by ransomware, there are viable alternatives to paying the extortion, McPherson says.
BlackCat's Ransomware Future Bleak If history is any indicator, Bohuslavskiy is dubious the ALPHV/BlackCat operation will be able to recover from this takedown in any meaningful way.
Making it easier to retire than continue the ransomware operation is precisely what the FBI was hoping to accomplish with the BlackCat/ALPHV operation.

This Cyber News was published on www.darkreading.com. Publication date: Tue, 19 Dec 2023 23:50:24 +0000

Cyber News related to Feds Snarl ALPHV/BlackCat Ransomware Operation

#StopRansomware: ALPHV Blackcat - The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are releasing this joint CSA to disseminate known IOCs and TTPs associated with the ALPHV Blackcat ransomware as a service identified through FBI ...
11 months ago Cisa.gov

Feds Snarl ALPHV/BlackCat Ransomware Operation - After nearly two weeks of speculation, the US Department of Justice has claimed credit for the takedown of ALPHV/BlackCat leak sites and infiltrating the ransomware group's network. Experts speculate this could be a wrap for the ransomware group just ...
11 months ago Darkreading.com

LockBit ransomware now poaching BlackCat, NoEscape affiliates - The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape after recent disruptions and exit scams. Last week, the NoEscape and the BlackCat/ALPHV ransomware operation's Tor websites suddenly ...
11 months ago Bleepingcomputer.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
10 months ago Bleepingcomputer.com

FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
11 months ago Bleepingcomputer.com

FBI disrupts Blackcat ransomware operation, creates decryption tool - The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. On December 7th, BleepingComputer first reported that the ALPHV, aka ...
11 months ago Bleepingcomputer.com

BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
11 months ago Krebsonsecurity.com

Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
8 months ago Bleepingcomputer.com

Feds seize AlphV/BlackCat domain but gang powers on The Register - The US Justice Department is passing a decryptor to more than 500 victims of AlphV/BlackCat's ransomware following a disruption campaign. It believes the decryptor, which will allow victims to recover from ransomware for free, will prevent $68 ...
11 months ago Go.theregister.com

BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks - The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily. Manchkin enables BlackCat to run on remote systems or encrypt remote Server ...
11 months ago Bleepingcomputer.com

ALPHV ransomware site outage rumored to be caused by law enforcement - A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours. The ALPHV negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today. ...
11 months ago Bleepingcomputer.com

ALPHV claims cyberattacks on Prudential Financial, LoanDepot The Register - The ALPHV/BlackCat ransomware group is claiming responsibility for attacks on both Prudential Financial and LoanDepot, making a series of follow-on allegations against them. Neither company has had any of their stolen data leaked at this stage, ...
9 months ago Go.theregister.com

Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website - The official leak website of the notorious ransomware group known as BlackCat and Alphv has been offline for days and law enforcement is believed to be behind the takedown. The Tor-based BlackCat/Alphv leak site has been inaccessible since December ...
11 months ago Securityweek.com

The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
11 months ago Bleepingcomputer.com

How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
11 months ago Bleepingcomputer.com

DOJ Seizes Ransomware Site as BlackCat Threatens More Attacks - U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data ...
11 months ago Securityboulevard.com

Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims - The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ...
11 months ago Helpnetsecurity.com

The law enforcement operations targeting cybercrime in 2023 - In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. While some of these operations were more successful ...
10 months ago Bleepingcomputer.com

BlackCat Strikes Back: Ransomware Gang "Unseizes" Website, Vows No Limits on Targets - The BlackCat ransomware group, also known as Alphv, has started taking action in response to the recently announced law enforcement operation that involved website seizures and the release of a decryption tool. BlackCat's Tor-based leak website ...
11 months ago Securityweek.com

FBI Disrupts BlackCat Ransomware Threat Group Activity - The U.S. Justice Department announced on December 19th that the Federal Bureau of Investigations had disrupted the BlackCat ransomware threat group's activity. The FBI offered a decryption tool to more than 500 affected victims. They also encourage ...
11 months ago Heimdalsecurity.com

US offering $15m for info on ALPHV/Blackcat ransomware crew The Register - Infosec in brief The US government is offering bounties up to $15 million as a reward for anyone willing to help it take out the APLHV/Blackcat ransomware gang. ALPHV has made a habit of going after critical infrastructure targets, and last week ...
9 months ago Go.theregister.com

ALPHV ransomware claims loanDepot, Prudential Financial breaches - The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. The two companies were added to ALPHV's dark web leak site today, with the threat ...
9 months ago Bleepingcomputer.com

LockBit is Recruiting Members of ALPHV/BlackCat and NoEscape Ransomware Outfit - Recruiting affiliates and developers from the troubled BlackCat/ALPHV and NoEscape ransomware operations is one of the calculated steps being taken by the LockBit ransomware group. An ideal opportunity emerged for LockBit to expand its network due to ...
11 months ago Cysecurity.news

US offers up to $15 million for tips on ALPHV ransomware gang - The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. An additional $5 million bounty is also available for tips on individuals ...
9 months ago Bleepingcomputer.com

FBI Seized ALPHV/Blackcat Ransomware Dark Web Site - Law enforcement agencies, including the FBI, the U.S. Department of Justice, and several European security organizations working under Europol, have successfully taken down the website belonging to the notorious cybercriminal ALPHV, also known as ...
11 months ago Cybersecuritynews.com

Latest Cyber News

CVE-2024-52739 - 16 hours ago
CVE-2018-9483 - 16 hours ago
CVE-2018-9485 - 16 hours ago
CVE-2018-9487 - 16 hours ago
CVE-2018-9470 - 16 hours ago
CVE-2018-9472 - 16 hours ago
CVE-2018-9477 - 16 hours ago
CVE-2024-11492 - 17 hours ago
CVE-2024-52770 - 17 hours ago
CVE-2024-52796 - 17 hours ago
CVE-2024-52769 - 17 hours ago
CVE-2024-51162 - 17 hours ago
CVE-2024-52725 - 17 hours ago
CVE-2024-11491 - 17 hours ago
CVE-2024-11490 - 18 hours ago
CVE-2024-11488 - 18 hours ago
CVE-2024-11486 - 18 hours ago
CVE-2024-11487 - 18 hours ago
CVE-2024-11485 - 18 hours ago
CVE-2024-52471 - 19 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-52282 - 2 days ago
CVE-2024-11278 - 1 day ago
CVE-2024-9653 - 1 day ago
CVE-2024-10515 - 1 day ago
CVE-2024-52614 - 1 day ago
CVE-2024-9239 - 1 day ago
CVE-2024-10855 - 1 day ago
CVE-2024-10899 - 1 day ago
CVE-2024-10900 - 1 day ago
CVE-2024-11277 - 1 day ago
CVE-2024-48895 - 1 day ago
CVE-2024-47865 - 1 day ago
CVE-2024-52033 - 1 day ago
CVE-2024-11176 - 1 day ago
CVE-2024-10126 - 1 day ago
CVE-2024-10127 - 1 day ago
CVE-2024-11179 - 1 day ago
CVE-2024-11494 - 1 day ago
CVE-2024-10665 - 1 day ago
CVE-2024-10891 - 1 day ago