The U.S. Department of Justice announced that it had disrupted the operations of the ALPHV ransomware group and seized decryption keys that helped 500 victims decrypt files without paying a ransom.
The Russian-speaking ALPHV group (also known as BlackCat or Noberus) is one of the most notorious ransomware operations in the world. Its many victims include a Beverly Hills plastic surgery center, Las Vegas casino giant MGM Resorts, a hotel chain, and cosmetics company Estee Lauder.
Just last month, ALPHV made headlines when it boldly complained to the U.S. Securities and Exchange Commission (SEC) that a company it had attacked (and which had refused to pay the ransom) had failed to report the resulting data breach.
The U.S. Department of Justice said it considers ALPHV/BlackCat to be the second most prolific ransomware-as-a-service variant in the world, based on the hundreds of millions of dollars it has extorted from victims worldwide.
As of today, however, visitors to ALPHV's dark web leak site will instead see a banner saying that the site has been seized by law enforcement.
![](https://blogapp.bitdefender.com/hotforsecurity/content/images/2023/12/alphv-seized.jpeg)
Moreover, it is understood that the FBI has been working quietly behind the scenes with dozens of ALPHV victims, providing them with free decryption of their data and saving them approximately $68 million in ransom demands.
As an unsealed search warrant makes clear, the ransomware gang's infrastructure was not as secure as it might have liked.
According to the warrant, a confidential source working with the FBI successfully registered as an affiliate of the ALPHV/BlackCat ransomware operation and was granted access to the group's backend affiliate panel.
After gaining access to ALPHV's private control panel, FBI agents were able to gather a wealth of information about the criminal enterprise's operations:
"From the activity screen, affiliates can see the victim entity, full ransom price demanded, discounted ransom price, expiration date, cryptocurrency address, cryptocurrency transactions, type of infected computer system, ransom demand note, and the victim's chats, etc.," the FBI explained.
With this access, investigators were able to obtain the decryption keys used in the attacks and provide them to hundreds of victims so they could recover their data for free.
ALPHV/BlackCat is a business. Granted, it is a criminal one. But like any business, it does not take kindly to having its money-making operations disrupted (in this case, by law enforcement).
ALPHV/BlackCat issued its own announcement within hours of the Justice Department's press release describing its efforts to disrupt the ransomware group's activities.
On the dark web, ALPHV/BlackCat claimed that it had "unseized" its domains and threatened retaliation against the United States and the other countries that facilitated the operation, lifting its restrictions so that its affiliates may now launch attacks on critical infrastructure.
![](https://blogapp.bitdefender.com/hotforsecurity/content/images/2023/12/alphv-unseized.jpeg)
As security researcher Allan Liska explained on Twitter, the ransomware group's claim to have "unseized" its servers is somewhat disingenuous. However, encouraging ALPHV/BlackCat affiliates to launch more attacks against more critical targets can certainly be seen as raising the stakes.
In short, ALPHV/BlackCat says it will no longer be "playing nice"… insofar as any group that extorts millions of dollars from innocent companies by encrypting and stealing their data can ever be said to have been "playing nice".