FBI Dismantles Connections to Ransomware Gang That Is Making New Threats

Ransomware gang ‘ALPHV’ or ‘Blackcat’ has apparently issued additional threats, implying that it will attack critical infrastructure in the United States. This comes just a few days after the Federal Bureau of Investigation (FBI) revealed that it had taken down the cyber gang’s website and retrieved the files of approximately 500 victims using a decryption tool, as reported by The Verge.
According to recent reports, ALPHV/Blackcat has asserted that it has regained control of its website and that the Federal Bureau of Investigation (FBI) only obtained decryption keys for approximately 400 companies. At the same time, the ransomware gang has not yet completely decrypted the data of more than three thousand victims.
Blackcat Ransomware Gang
According to The Verge, which cites the Department of Justice as its source, ALPHV/Blackcat is a well-known ransomware outfit that has amassed hundreds of millions of dollars in ransom payments from victims all over the world. This has made it the second most widespread ransomware-as-a-service variant in the world over the preceding 18 months.
In a separate report, Bleeping Computer states that as of September 2023, approximately 250 enterprises were located outside of the United States, while approximately 75% of the organizations that were affected were located within the United States. The FBI has reported that ALPHV Blackcat affiliates had demanded ransom payments totaling more than $500 million and had received close to $300 million in response.
In addition, the report indicates that the gang's model seems to consist of having its affiliates find targets, launch attacks, and then divide the profits with the team that is responsible for building and maintaining the ransomware.
There is a widespread belief that the notorious ransomware campaigns known as DarkSide and BlackMatter have been rebranded as ALPHV/BlackCat. It emerged for the first time in November of 2021, which is more than two years ago. The attack on Colonial Pipeline, which caused law enforcement officials to conduct in-depth investigations, brought this group, which was once known as DarkSide, to the attention of people all around the world.
According to a previous link provided by the FBI, the initial four months of the ransomware gang’s activity, which lasted from November 2021 to March 2022, were responsible for around sixty breaches that harmed businesses all over the world.
FBI Against Blackcat
According to the same Bleeping Computer report, the FBI has demonstrated that it is vigilant against the notorious ransomware gang. Recently, the agency provided mitigation strategies to help network defenders and critical infrastructure companies reduce the impact and risk of attacks carried out by this ransomware group. These strategies were provided in a joint advisory with the Cybersecurity and Infrastructure Security Agency (CISA).
In addition, the two organizations provided the FBI with TTPs (tactics, techniques, and procedures) as well as ALPHV IOCs (indicators of compromise), which the FBI had just found on December 6th.
Network defenders are strongly urged to adopt multifactor authentication (MFA) using strong passwords across all services, notably for webmail, virtual private networks (VPN), and accounts connected to important systems, and to prioritize the remediation of vulnerabilities that have been exploited in the wild.
In addition, they should make vulnerability assessments a top priority as vital components of traditional security procedures, and they should routinely upgrade and patch software to the most recent versions.
It is highly recommended that victims of the Blackcat ransomware get in touch with their local FBI field office in order to learn more about their options and find out what support could be available. The Federal Bureau of Investigation (FBI) has also published support for the general public.
Individuals who have information regarding Blackcat, their associates, or their operations are also encouraged to get in touch with the Department of State, because they may be eligible for a reward as part of the Rewards for Justice campaign.