An international team of law enforcement agencies has taken down the dark web leak site of the infamous ransomware gang known as ALPHV or BlackCat.
“The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against the ALPHV Blackcat Ransomware,” a message on the gang’s darkweb leak site, seen by TechCrunch, now reads.
According to the splash page, the takedown operation also involved law enforcement agencies from the UK, Denmark, Germany, Spain and Australia.
In a subsequent announcement confirming the disruption, the US Department of Justice said the FBI-led international takedown effort allowed US authorities to gain visibility into the ransomware group’s computer network and take down “several websites” operated by ALPHV.
The FBI also released a decryption tool that has already allowed more than 500 ALPHV ransomware victims to restore their systems. (The government search warrant puts the number at 400 victims.) The FBI said it cooperated with dozens of victims in the United States, saving them from paying ransoms totaling about $68 million.
The government’s statement says ALPHV breached the networks of more than 1,000 victims worldwide to make hundreds of millions of dollars. The gang has targeted critical US infrastructure, including government facilities, emergency services, defense industrial base companies, critical manufacturing and healthcare and public health industries — as well as other companies, schools and government entities, according to the DOJ.
According to the government search warrant, the FBI said it worked with a “confidential human source” close to the ransomware gang, who provided agents with credentials to access the ALPHV/BlackCat affiliate panel used to manage the gang’s victims.
The Foreign Office previously said it would reward people with information “about Blackcat, its affiliates or its activities”.
“By disrupting the BlackCat ransomware group, the Justice Department has once again hacked hackers,” Deputy US Attorney General Lisa Monaco said in remarks. “With a decryption tool provided by the FBI to hundreds of ransomware victims around the world, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize the holidays and put victims at the heart of our strategy to disrupt the ecosystem that fuels cybercrime.”
Representatives for the FBI and the UK’s National Crime Agency did not respond to TechCrunch’s requests for comment.
Europol spokeswoman Ina Mihaylova confirmed the agency’s involvement in the operation, but declined to comment further.
The ALPHV/BlackCat ransomware gang is one of the most active and destructive in recent years. ALPHV, believed to be the successor to the now-defunct hacking group REvil, claims to have compromised several high-profile victims, including news-sharing site Reddit, healthcare company Norton and the UK’s Barts Health NHS Trust.
In recent months, the gang’s tactics have become increasingly aggressive. In November, ALPHV filed a first-of-its-kind complaint with the US Securities and Exchange Commission (SEC), alleging that digital loan provider MeridianLink failed to disclose what the gang called a “significant breach that compromised customer data and operational information,” a breach for which the gang itself took credit.
Updated with comments from Europol and additional details from the Department of Justice.