Earlier this week, the US Department of Justice (DoJ) announced that it had seized the ALPHV-BlackCat leak site and had developed a decryption tool for the ALPHV-BlackCat ransomware. The FBI has offered the tool to 500 organizations affected by the ransomware. The threat actors have set up a new website.
This is good news to end the year on. While the criminals claim to have set up an alternative website already, the impact this operation will have should not be underestimated. Firstly, any servers seized will be forensically examined by law enforcement, which in turn should lead to other operations and possible arrests. Secondly, by taking this action, law enforcement is sending a clear message to all criminals that they are not untouchable and that law enforcement will come after them. Finally, the disruption and distrust that operations like this have on criminal gangs can be quite effective in undermining their activities. So well done to all involved in this operation.
The Justice Department is ending the year on a high note with the ALPHV-BlackCat takedown. To date, law enforcement has been effective in infrastructure takedowns, international arrests, and recovery of ransomware payouts. Unfortunately, ransomware gangs have also been equally successful in compromising systems and obtaining payouts. Most expect a continuation of ransomware events in 2024, as we haven’t forced criminal gangs to work harder to knock over systems.
Don't count the ALPHV gang out. Their site was seized, unseized and re-seized, during which the gang posted they are relaxing all their rules except one - don't attack the Commonwealth of Independent States (CIS) - everything else, from hospitals to nuclear power plants, is fair game, as well as offering as much as 90% commissions to affiliates. The good news is the FBI has the decryption key for BlackCat ransomware; the bad news is that won't help with any exfiltrated data being held for ransom.
Read more in
Krebs on Security: BlackCat Ransomware Raises Ante After FBI Disruption