The US government on Tuesday announced the disruption of the notorious BlackCat ransomware-as-a-service operation and released a decryption tool to help organizations recover hijacked data.
The Justice Department said the disruption of BlackCat, also called ALPHV or Noberus, included website takedowns and a new FBI decryption tool to help hundreds of organizations retrieve and restore data.
The agency said the FBI decryptor has been used by dozens of victims in the United States and internationally, saving ransom demands totaling approximately $68 million.
According to a search warrant unsealed today in the Southern District of Florida, law enforcement officials infiltrated the group for several months and used confidential informants to peek at the inner workings of the operation and seized several websites that the group operated.
Over the past 18 months, the agency said BlackCat/ALPHV has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world.
The Justice Department said the BlackCat gang hacked into computer networks across the United States and worldwide, including at US critical infrastructure installations.
Victims include government facilities, emergency services, defense industrial base companies, critical manufacturing, and healthcare and public health facilities - as well as other corporations, government entities, and schools.
The government documented how BlackCat actors used affiliates to exfiltrate or steal sensitive data, then demanding ransom payments in exchange for decrypting the victim's system and not publishing the stolen data.
Earlier this month, the dedicated Tor-based leak website affiliated with BlackCat disappeared from view in what was believed to be a law enforcement operation.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 19 Dec 2023 19:13:05 +0000