www.infosecurity-magazine.com
Open in
urlscan Pro
99.84.146.77
Public Scan
URL:
https://www.infosecurity-magazine.com/news/law-enforcement-blackcat-decryption/
Submission: On December 20 via api from TR — Scanned from DE
Submission: On December 20 via api from TR — Scanned from DE
Form analysis
2 forms found in the DOMGET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search site…" aria-label="Search keywords" required="required">
<button type="submit" class="form-button with-icon">
<svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="Search">
<path d="M15 15L21 21M10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10C17 13.866 13.866 17 10 17Z" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
</svg>
</button>
</form>
GET https://www.infosecurity-magazine.com/search/
<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
<input type="search" name="q" class="form-control" placeholder="Search Infosecurity Magazine…" aria-label="Search keywords" required="required">
<input type="submit" value="Search" class="form-button">
</form>
Text Content
* Log In * Sign Up * * News * Magazine Features * Opinions * News Features * Interviews * Editorial * Blogs * Reviews * Slackspace * Next-Gen Infosec * Webinars * White Papers * Podcasts * Industry Events & Training * Magazine Events * Online Summits * Company Directory * Application Security * Automation * Big Data * Business Continuity * Cloud Security * Compliance * Cybercrime * Data Protection * Digital Forensics * Encryption * Human Factor * Identity Access Management * Industry Announcements * Internet Security * Malware * Managed Services * Mobile Security * Network Security * Payment Security * Physical and Information Security Convergence * Privacy * Risk Management * The Internet of Things * Log In * Sign Up * * News * Topics * Features * Webinars * White Papers * Podcasts * EventsEvents & Conferences * Directory * * Infosecurity Magazine Home » News » Law Enforcement Confirms BlackCat Take Down, Decryption Key Offered to Victims LAW ENFORCEMENT CONFIRMS BLACKCAT TAKE DOWN, DECRYPTION KEY OFFERED TO VICTIMS News 19 Dec 2023 WRITTEN BY JAMES COKER Deputy Editor, Infosecurity Magazine * Follow @ReporterCoker * * * The takedown of the ALPHV/BlackCat ransomware group’s leak site has been confirmed as a result of global law enforcement action. The FBI is now urging over 500 of the group’s victims to come forward to receive a decryption key that will enable them to restore their systems. A notice on the notorious Ransomware-as-a-Group’s (RaaS) website states that ‘This Website Has Been Seized.’ It adds: “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.” The US Department of Justice (DoJ) confirmed the law enforcement disruption campaign in a statement on December 19, 2023. The DoJ revealed that the FBI has worked with dozens of victims in the US and internationally to develop a decryption tool, which they believe will save multiple victims from ransom demands totaling approximately $68m. Tim West, Head of Cyber Threat Tntelligence at WithSecure, commented: "There is no doubt that this action was incredibly complex and coordinated, required a significant amount of planning and collaboration. It will almost certainly damage the Blackcat/AlphV brand, perhaps beyond repair." MORE WEBSITES SEIZED Through the investigation, the FBI has gained more visibility into the BlackCat group’s computer network, enabling it to seize several more websites it operates. Deputy Attorney General Lisa O. Monaco commented: “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.” Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division vowed to continue the investigation and pursue those behind BlackCat until they are brought to justice. “Criminal actors should be aware that the announcement today is just one part of this ongoing effort,” she warned. The DoJ also recognized the critical cooperation of Europol and German and Danish law enforcement in the action, alongside other national police agencies. It was first reported in early December 2023 that BlackCat was experiencing online disruption, which cybersecurity commentators quickly attributed to law enforcement action. CYBERSECURITY EXPERT ANALYSIS ON BLACKCAT TAKEDOWN On December 18, ZeroFox released an analysis of BlackCat’s activities from January 2022 to October 2023, finding that it was the second-most leveraged strain in North America and Europe over the period, behind only LockBit. Meanwhile, WithSecure found the BlackCat group to be responsible for 8.82% of attacks in 2023. While welcoming the takedown of the group’s leak site, Daniel Curtis, Senior Intelligence Analyst at ZeroFox, emphasized that it will likely only result in a temporary suppression of the threat from its operatives. “If unable to continue deploying the strain, ALPHV affiliates will very likely quickly pivot to other R&DE offerings and continue targeting victims at scale and at pace,” he noted. Michael McPherson, SVP Technical Operations ReliaQuest and former FBI special agent, said the law enforcement action is a body-blow to the ransomware ecosystem but by no means a knockout punch. “In the aftermath of such large-scale law enforcement disruptions, uncertainty permeates criminal organizations. In previous similar cases, the targeting of a ransomware group has typically resulted in operations ceasing, before members moved to other ransomware programs, or formed new groups. It is likely that this will spell the end of ALPHV as a criminal outfit. However, as noteworthy as this disruption is, there is no mention of any corresponding arrests,” he commented. Nevertheless, McPherson believes the potential permanent removal of ALPHV is likely to be a significant short-term disruption to ransomware globally. However, WithSecure's West commented: "Although diminished, ALPHV/Black Cat will likely hit corporations as they did in 2023, and from our research, we know that new ransomware groups form when the more established groups feel the squeeze from law enforcement." Experts also lauded the US government's support for victims of BlackCat, which Raj Samani, SVP and Chief Scientist at Rapid7 said is a vital component of disincentivizing other ransomware attackers. "In all cases of cybercrime, it is vital to never pay the ransom. It’s therefore great to see proactive support from the US government through the FBI’s free decryption tool to restore systems. Providing proactive solutions not only works to undercut the economic incentive for such attacks, but reminds victims that when cybercrime is reported it is taken seriously, and international law enforcement are working to disrupt these groups,” he outlined. YOU MAY ALSO LIKE 1. ALPHV SECOND MOST PROMINENT RANSOMWARE STRAIN BEFORE REPORTED DOWNTIME News18 Dec 2023 2. MGM CRITICIZED FOR REPEATED SECURITY FAILURES News13 Sep 2023 3. BLACKCAT RANSOMWARE GROUP REPORTS VICTIM TO SEC News16 Nov 2023 4. ALPHV/BLACKCAT SITE DOWNED AFTER SUSPECTED POLICE ACTION News11 Dec 2023 5. ESTEE LAUDER BREACHED BY TWO RANSOMWARE GROUPS News20 Jul 2023 WHAT’S HOT ON INFOSECURITY MAGAZINE? * Read * Shared * Watched * Editor's Choice MONGODB INVESTIGATES CUSTOMER ACCOUNT DATA BREACH News18 Dec 2023 1 UK PLANS TOUGH NEW SECURITY RULES FOR DATACENTERS News15 Dec 2023 2 TECHNOLOGY MANUFACTURERS URGED TO ELIMINATE PASSWORDS News18 Dec 2023 3 MITRE LAUNCHES CRITICAL INFRASTRUCTURE THREAT MODEL FRAMEWORK News13 Dec 2023 4 HOW TO BACKUP AND RESTORE DATABASE IN SQL SERVER Blog27 Mar 2023 5 INSURER’S UK HONEYPOTS ATTACKED 17 MILLION TIMES PER DAY News18 Dec 2023 6 BRINGING RESILIENCE TO THE CLOUD WITH ZERO TRUST Blog8 Dec 2023 1 TOP 10 CYBER-ATTACKS OF 2023 News Feature12 Dec 2023 2 POLICE ARREST HUNDREDS OF HUMAN TRAFFICKERS LINKED TO CYBER FRAUD News11 Dec 2023 3 ONE YEAR OF CHATGPT: THE IMPACT OF GENERATIVE AI ON CYBERSECURITY News Feature4 Dec 2023 4 VULNERABILITIES NOW TOP INITIAL ACCESS ROUTE FOR RANSOMWARE News14 Dec 2023 5 MITRE LAUNCHES CRITICAL INFRASTRUCTURE THREAT MODEL FRAMEWORK News13 Dec 2023 6 NAVIGATING THE CYBERSECURITY LANDSCAPE: REVIEWING 2023 AND STRATEGIES FOR 2024 Webinar12 Dec 2023 1 7 STEPS TO BUILDING QUANTUM RESILIENCE Webinar5 Dec 2023 2 MASTERING SOFTWARE SUPPLY CHAIN SECURITY WITH STRATEGIC DEFENSE MECHANISMS Webinar30 Nov 2023 3 INCIDENT RESPONSE: FOUR KEY CYBERSECURITY MEASURES TO PROTECT YOUR BUSINESS Webinar19 Oct 2023 4 THE NEXT FRONTIER FOR DATA SECURITY: INSIGHTS FROM SAFEGUARDING FORTUNE 500 DATA TRANSFERS Webinar23 Nov 2023 5 VULNERABILITY MANAGEMENT: WHY A RISK-BASED APPROACH IS ESSENTIAL Webinar28 Sep 2023 6 WHAT IT PROFESSIONALS NEED TO KNOW ABOUT SSL CERTIFICATES FOR WEBSITES Blog5 Oct 2023 1 CHINA POISED TO DISRUPT US CRITICAL INFRASTRUCTURE WITH CYBER-ATTACKS, MICROSOFT WARNS News5 Oct 2023 2 RED CROSS ISSUES WARTIME HACKTIVIST RULES News4 Oct 2023 3 AI-GENERATED PHISHING EMAILS ALMOST IMPOSSIBLE TO DETECT, REPORT FINDS News2 Oct 2023 4 DATA THEFT OVERTAKES RANSOMWARE AS TOP CONCERN FOR IT DECISION MAKERS News2 Oct 2023 5 SOLARWINDS CISO ON DEVELOPING A MORE SECURE SOFTWARE ECOSYSTEM AFTER INFAMOUS HACK Interview2 Oct 2023 6 THE MAGAZINE * About Infosecurity * Meet the team * Contact us ADVERTISERS * Media pack CONTRIBUTORS * Forward features * Op-ed * Next-gen submission * * * * Copyright © 2023 Reed Exhibitions Ltd. * Terms and Conditions * Privacy Policy * Intellectual property statement * Cookies Settings * Cookie Policy * Sitemap We use cookies to analyse and improve our service, to improve and personalise content, advertising and your digital experience. We also share information about your use of our site with our social media, advertising and analytics partners. Cookie Policy Accept All Cookies Cookies Settings COOKIE PREFERENCE CENTRE We process your information, to deliver content or advertisements and measure the delivery of such content or advertisements, extract insights, and generate reports to understand service usage; and/or accessing or storing information on devices for that purpose. You can choose not to allow some types of cookies. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more, to change our default settings, and/or view the list of Google Ad-Tech Vendors. Cookie Policy MANAGE CONSENT PREFERENCES STRICTLY NECESSARY COOKIES Always Active Strictly Necessary Cookies These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information. Cookies Details PERFORMANCE COOKIES Performance Cookies These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. Cookies Details FUNCTIONAL COOKIES Functional Cookies These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly. Cookies Details TARGETING COOKIES Targeting Cookies These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising. Cookies Details Confirm My Choices Back Button Back PERFORMANCE COOKIES Vendor Search Search Icon Filter Icon Clear Filters Information storage and access Apply Consent Leg.Interest All Consent Allowed Select All Vendors Select All Vendors All Consent Allowed Confirm My Choices