Although the main dark web domain of the ALPHV Ransomware has been seized, the blog remains online.
The official website of the notorious ALPHV (aka Blackcat) has been seized by law enforcement authorities, including the FBI, the US DoJ, and several European security agencies under Europol.
The latest development should not come as a surprise, as a few days ago, the ALPHV gang went offline amid rumours that it had been taken down by law enforcement. These claims were categorically denied by the gang; however, today’s seizure confirms the previous rumours.
As seen by Hackread.com, the homepage of the ALPHV ransomware website was defaced with a banner announcing the seizure. However, the blog on which the ransomware gang advertised their hacks is still online and no seizure notice is seen at the time of writing.
“This website has been seized – The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.
This action has been taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol and Zentrale Kriminalinspektion Göttingen.
If you have information about Blackcat, their affiliates, or activities, you may be eligible for a reward through the Department of State’s Rewards for Justice program.”
It’s safe to say that ALPHV ransomware has targeted a wide range of organizations across various industries, including critical infrastructure, finance, education, and manufacturing. However, the exact number of victims and the full extent of the damage remains unknown. The ALPHV gang’s known victims include MGM Resorts, NCR Data Center, Amazon’s Ring, and several others, among which are the following:
- Seiko
- Motel One
- Swissport
- Western Digital
- NCAT State University
- NJVC (US defence contractor)
- Bet9ja (Nigerian betting platform)
- SOLAR INDUSTRIES INDIA (industrial explosives manufacturer)
- Creos Luxembourg S.A. (gas pipeline and electricity network operator).
So What Not?
Although the FBI has not officially announced the seizure, it appears that no arrests were made, and only the domain was taken offline. On the other hand, the Department of Justice (DoJ) has also released a press statement confirming that there is a decryption tool available for the ransomware and victims around the world are welcome to contact the FBI for access to the tool.
“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa O. Monaco. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”
However, in a tweet, the online malware repository Vx-Underground claimed that they were contacted by the gang’s team, revealing that they had already moved their server to a new domain.
Random Facts About ALPHV ransomware
- Emerged in December 2021: This relatively new ransomware group quickly gained notoriety for its sophisticated tactics and aggressive targeting.
- BlackCat alias: ALPHV is also known as BlackCat, often used interchangeably.
- Targets: Primarily attacks high-profile organizations across various sectors like finance, healthcare, critical infrastructure, and manufacturing.
- Tactics: Employs double extortion tactics, stealing victim data before encrypting it, and threatening to leak it if ransom demands are not met.
- Technical sophistication: Known for using advanced encryption algorithms and evasion techniques to avoid detection.
As of now, attributing ALPHV to a specific group or country with certainty is difficult due to the nature of cybercrime and the group’s efforts to remain anonymous. Nevertheless, this article will be updated with additional information. So keep visiting Hackread.com!