www.infosecurity-magazine.com
99.84.146.77  Public Scan

URL: https://www.infosecurity-magazine.com/news/law-enforcement-blackcat-decryption/
Submission: On December 20 via api from TR — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://www.infosecurity-magazine.com/search/

<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
  <input type="search" name="q" class="form-control" placeholder="Search site…" aria-label="Search keywords" required="required">
  <button type="submit" class="form-button with-icon">
    <svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg" role="img" aria-label="Search">
      <path d="M15 15L21 21M10 17C6.13401 17 3 13.866 3 10C3 6.13401 6.13401 3 10 3C13.866 3 17 6.13401 17 10C17 13.866 13.866 17 10 17Z" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"></path>
    </svg>
  </button>
</form>

GET https://www.infosecurity-magazine.com/search/

<form method="get" action="https://www.infosecurity-magazine.com/search/" role="search">
  <input type="search" name="q" class="form-control" placeholder="Search Infosecurity Magazine…" aria-label="Search keywords" required="required">
  <input type="submit" value="Search" class="form-button">
</form>

Text Content



LAW ENFORCEMENT CONFIRMS BLACKCAT TAKE DOWN, DECRYPTION KEY OFFERED TO VICTIMS

News 19 Dec 2023


WRITTEN BY


JAMES COKER

Deputy Editor, Infosecurity Magazine


The takedown of the ALPHV/BlackCat ransomware group’s leak site has been
confirmed as a result of global law enforcement action.

The FBI is now urging over 500 of the group’s victims to come forward to receive
a decryption key that will enable them to restore their systems.

A notice on the notorious ransomware-as-a-service (RaaS) group’s website states that
‘This Website Has Been Seized.’

It adds: “The Federal Bureau of Investigation seized this site as part of a
coordinated law enforcement action taken against ALPHV Blackcat Ransomware.”

The US Department of Justice (DoJ) confirmed the law enforcement disruption
campaign in a statement on December 19, 2023.

The DoJ revealed that the FBI has worked with dozens of victims in the US and
internationally to develop a decryption tool, which they believe will save
multiple victims from ransom demands totaling approximately $68m.

Tim West, Head of Cyber Threat Intelligence at WithSecure, commented: "There is
no doubt that this action was incredibly complex and coordinated, required a
significant amount of planning and collaboration. It will almost certainly
damage the Blackcat/AlphV brand, perhaps beyond repair." 


MORE WEBSITES SEIZED

Through the investigation, the FBI has gained more visibility into the BlackCat
group’s computer network, enabling it to seize several more websites it
operates.

Deputy Attorney General Lisa O. Monaco commented: “With a decryption tool
provided by the FBI to hundreds of ransomware victims worldwide, businesses and
schools were able to reopen, and health care and emergency services were able to
come back online. We will continue to prioritize disruptions and place victims
at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Acting Assistant Attorney General Nicole M. Argentieri of the Justice
Department’s Criminal Division vowed to continue the investigation and pursue
those behind BlackCat until they are brought to justice.

“Criminal actors should be aware that the announcement today is just one part of
this ongoing effort,” she warned.

The DoJ also recognized the critical cooperation of Europol and German and
Danish law enforcement in the action, alongside other national police agencies.

It was first reported in early December 2023 that BlackCat was experiencing
online disruption, which cybersecurity commentators quickly attributed to law
enforcement action.


CYBERSECURITY EXPERT ANALYSIS ON BLACKCAT TAKEDOWN 

On December 18, ZeroFox released an analysis of BlackCat’s activities from
January 2022 to October 2023, finding that it was the second-most leveraged
strain in North America and Europe over the period, behind only LockBit.
Meanwhile, WithSecure found the BlackCat group to be responsible for 8.82% of
attacks in 2023. 

While welcoming the takedown of the group’s leak site, Daniel Curtis, Senior
Intelligence Analyst at ZeroFox, emphasized that it will likely only result in a
temporary suppression of the threat from its operatives.

“If unable to continue deploying the strain, ALPHV affiliates will very likely
quickly pivot to other R&DE offerings and continue targeting victims at scale
and at pace,” he noted.  

Michael McPherson, SVP Technical Operations at ReliaQuest and former FBI special
agent, said the law enforcement action is a body-blow to the ransomware
ecosystem but by no means a knockout punch.

“In the aftermath of such large-scale law enforcement disruptions, uncertainty
permeates criminal organizations. In previous similar cases, the targeting of a
ransomware group has typically resulted in operations ceasing, before members
moved to other ransomware programs, or formed new groups. It is likely that this
will spell the end of ALPHV as a criminal outfit. However, as noteworthy as this
disruption is, there is no mention of any corresponding arrests,” he commented.

Nevertheless, McPherson believes the potential permanent removal of ALPHV is
likely to be a significant short-term disruption to ransomware globally.

However, WithSecure's West commented: "Although diminished, ALPHV/Black Cat will
likely hit corporations as they did in 2023, and from our research, we know that
new ransomware groups form when the more established groups feel the squeeze
from law enforcement." 

Experts also lauded the US government's support for victims of BlackCat, which
Raj Samani, SVP and Chief Scientist at Rapid7, said is a vital component of
disincentivizing other ransomware attackers.

"In all cases of cybercrime, it is vital to never pay the ransom. It’s therefore
great to see proactive support from the US government through the FBI’s free
decryption tool to restore systems. Providing proactive solutions not only works
to undercut the economic incentive for such attacks, but reminds victims that
when cybercrime is reported it is taken seriously, and international law
enforcement are working to disrupt these groups," he outlined.




 * Copyright © 2023 Reed Exhibitions Ltd.