BlackCat/ALPHV Ransomware Site Seized in International Takedown Effort

The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. Learn how to defend against ransomware.
On Dec. 19, the Department of Justice announced the FBI had been working on a disruption campaign against the ransomware group known as ALPHV, Noberus or BlackCat that resulted in the seizure of several of the group’s websites, visibility into their network and a decryption tool that could restore stolen data. International law enforcement agencies from Australia, Denmark, Germany, Spain and the U.K. participated.
ALPHV/BlackCat is a group that has been known for ransomware since 2021. Its ransomware, which goes by the same name, is written in the Rust programming language and can be customized for different operating systems, which makes it viable against a wide range of targets. ALPHV/BlackCat operates ransomware-as-a-service, selling its services and running an advertiser ecosystem around them.
“Recent developments have seen the continuation of the ‘cat and mouse’ game between the actor and law enforcement, with an ongoing reseizure of the infrastructure and further threats from the group to remove ‘rules’ on the usage of the ransomware, allowing affiliates to attack hospitals and power plants,” said Simpson.
“We’ve also seen other prolific ransomware groups such as LockBit capitalizing on the disruption to entice former BlackCat members into their operations,” stated Simpson. “This exemplifies the complexity of the ransomware landscape and the challenges inherent in trying to fully wipe out ransomware threats.”
On Dec. 19, BlackCat’s leak site on the dark web was seized and closed; however, by the evening of Dec. 19, the ransomware group had “unseized” the site, and ownership of it had become a tug-of-war between the threat actors and the authorities.
The FBI is offering a decryption tool to over 500 victims. So far, organizations have been saved from having to pay about $68 million in ransom demands.
Removing BlackCat’s fangs and its websites would mean the ransomware group would be able to steal less data in the first place and would lose its marketplace for selling that data to black-market buyers.
One of BlackCat’s websites was the “general collection,” which was a searchable database of the stolen data.
“The takedown of the BlackCat/Alphv ransomware operation is a major development in the cybercriminal underground,” said Jim Simpson, director of threat intelligence at Searchlight Cyber, in an email comment provided to TechRepublic. “The (ransomware-as-a-service) group is one of the most prolific and destructive that we track, applying double extortion and even going a step further than other groups by applying pressure on its victims through its ‘general collection.’”
On Dec. 19, Bleeping Computer reported BlackCat’s dark web site had a new message: The website had been “unseized.” BlackCat dropped most of its rules, specifically those that had outlawed attacks against critical infrastructure or hospitals. The group’s remaining rule is that it will not support attacks against the Commonwealth of Independent States, which is a coalition of former Soviet Union nations, including Russia.
To prevent large-scale ransomware attackers from gaining a foothold in business systems, organizations should follow security best practices for preventing malicious code execution. The following tips can help organizations avoid ransomware-as-a-service attacks: