An international group of law enforcement groups has taken down the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat.
"The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware," a message currently reads on the gang's dark web leak site.
According to the press release, law enforcement agencies from the United Kingdom, Denmark, Germany, Spain, and Australia were also involved in the takedown operation.
The US Department of Justice later confirmed the disruption, stating that the global takedown effort, led by the FBI, allowed US officials to obtain visibility into the ransomware group's computer and seize "several websites" that ALPHV operated.
Additionally, the FBI released a decryption tool that has already assisted over 500 victims of the ALPHV ransomware patch their systems. (The number of victims is 400 according to the government's search warrant.) The tool assisted several victims in the US and prevented them from having to pay ransom demands that came to around $68 million.
According to the government's notification, ALPHV stole hundreds of millions of dollars by breaking into the networks of over a thousand victims worldwide. The gang has targeted vital infrastructure in the United States, including government structures, emergency services, defence industrial base companies, critical manufacturing, healthcare and public health facilities, and other businesses, educational institutions, and governmental entities.
The FBI said it worked with a “confidential human source” linked to the ransomware gang, which granted agents access to the ALPHV/BlackCat affiliate panel that the gang used to manage its victims, according to the government's search warrant.
The State Department previously stated that it will reward those who offer insights "about Blackcat, their affiliates, or activities.”
“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” stated U.S. deputy attorney general Lisa Monaco in remarks. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and healthcare and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”
In recent years, the ALPHV/BlackCat ransomware group has been one of the most active and devastating. ALPHV, which is believed to be a successor to the now-defunct sanctioned REvil hacking gang, claims to have infiltrated a number of high-profile victims, including news-sharing site Reddit, healthcare provider Norton, and the United Kingdom's Barts Health NHS Trust.
The group's tactics have become more violent in recent months. The ALPHV filed a first-of-its-kind complaint with the U.S. Securities and Exchange Commission (SEC) in November, alleging that digital lending provider MeridianLink failed to disclose "a significant breach compromising customer data and operational information," which the gang claimed responsibility for.