The official leak website of the notorious ransomware group known as BlackCat and Alphv has been offline for days and law enforcement is believed to be behind the takedown.
The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7.
Threat intelligence company RedSense reported the following day that the website was taken down by law enforcement.
RedSense also learned that the cybercriminals expect everything to be restored soon, which suggests that the impact on their operation and infrastructure was limited.
At the time of writing, the BlackCat website has been down for four days.
SOC company ReliaQuest pointed out that the group's site does have a history of connectivity issues and outages.
This seems to be one of the longest - if not the longest - downtime.
No law enforcement agency appears to have released information about an operation targeting BlackCat.
Following the shutdown of the Hive ransomware in January 2023, BlackCat said such a takedown effort would not work against its operation.
According to a recent year-in-review report from Cisco Talos, BlackCat was the second most active group this year, after LockBit.
A BlackFog ransomware report for November shows that BlackCat was as active as LockBit last month.
BlackCat, whose operators appear to be Russian speakers, emerged in late 2021 as a ransomware-as-a-service enterprise, offering up to 90% of ransom payments in an effort to attract affiliates.
Many of the developers and money launderers for BlackCat are said to be linked to the now-defunct Darkside/BlackMatter ransomware.
ReliaQuest said the ransomware operation's leak website listed more than 650 victims before it was shut down.
This Cyber News was published on www.securityweek.com. Publication date: Mon, 11 Dec 2023 11:13:05 +0000