U.S. authorities disrupt AlphV/BlackCat ransomware gang, offer decryption tool to victims in a major cybercrime intervention. (Getty Images)
U.S. authorities have confirmed the disruption of the AlphV/BlackCat ransomware gang, seizing their data leak and communications platforms and releasing a decrypter to restore victims' data access. This move followed a week of silence on the gang's site, leading to speculations of intervention.
Deputy Attorney General Lisa Monaco stated that by disrupting the BlackCat group, the Justice Department had countered the hackers. The FBI provided a decryption tool to around 400 victims globally, enabling affected businesses, schools, and essential services to resume operations.
However, a seized site resurfaced with a message claiming law enforcement had accessed their blog. The gang acknowledged aiding 400 companies but asserted their inability to help over 3,000 other victims. They removed constraints on affiliates' actions, potentially endangering sensitive organizations.
International law enforcement, including agencies from Germany, Denmark, and Europol, collaborated in the operation. The FBI highlighted AlphV/BlackCat as the world's second most active ransomware, responsible for multimillion-dollar ransoms, including the MGM Resort Las Vegas attack.
Ilia Kolochenko, CEO of ImmuniWeb, praised the joint effort but cautioned that seizures might not suffice, citing forums reemerging after takedowns. He emphasized the necessity of a global cybercrime convention amid geopolitical uncertainties.
The warning coincides with upcoming negotiations on an international cybercrime treaty. Concerns were raised by the Cybersecurity Tech Accord, arguing that the draft could undermine cybersecurity and online freedoms.
Brett Callow, a threat researcher at Emsisoft, viewed the disruption as a setback for AlphV, impacting its reputation and future operations. However, he anticipated the individuals behind AlphV might resurface under a different guise.
FBI's actions were supported by a confidential source, who responded to the gang's public affiliate recruitment and obtained access to BlackCat's system, aiding in collecting key pairs for their Tor-hosted sites.
