ALPHV ransomware group has site seized by FBI and other authorities

19 Dec 2023


The FBI and other international agencies have used decryption tools to hack ALPHV, also known as BlackCat, and seize its networks.

International authorities have seized the web leak site belonging to the ransomware hacker gang ALPHV, also known as BlackCat, TechCrunch has reported.

The group has been active for the past number of months, targeting industries such as healthcare, finance, government and education. Its attacks are typically attempts to extort money by demanding payment for decryption tools or as compensation for not releasing any stolen data.

The group’s disruptive activities have confounded authorities over the past few months. In a statement released today (19 December), the US Department of Justice said ALPHV had “targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception”.

ALPHV BlackCat has been ‘prolific’

“Over the past 18 months, ALPHV BlackCat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransom paid by victims around the world. Due to the global scale of these crimes, multiple foreign law enforcement agencies are conducting parallel investigations,” the statement said.

The group, whose members are mostly based in the US, was responsible for a cyberattack on one of the UK’s National Health Service (NHS) trusts earlier this year. ALPHV claimed responsibility for the attack, in which a massive 70TB of data was supposedly stolen.

Before that major attack on the NHS, ALPHV targeted Reddit, demanding millions in ransom. The group also said it was displeased with Reddit’s threats to monetise access to its APIs.

The US Department of Justice said that the FBI was able to work alongside other intelligence authorities to save victims from ransom demands. They did this by using a decryption tool that allowed many victims to restore their systems. The FBI was also able to seize several websites operated by the ALPHV group after it gained visibility of some of its computer networks.

Reminiscent of the hack on Hive

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said US deputy attorney general Lisa O Monaco. Her statement is quite similar to one she made previously in relation to another ransomware crime group, Hive. That group was hacked by the FBI at the beginning of this year and its decryption keys were released to victims to give the hackers a taste of their own medicine.

Ransomware groups like Hive and ALPHV frequently regroup and begin targeting networks and victims all over again. The US authorities worked with their counterparts from the United Kingdom, Denmark, Germany, Spain and Australia to take ALPHV down in this instance.

Those working in the cybersecurity industry welcomed the news that the gang’s websites were seized. Tim West, head of cyberthreat intelligence at WithSecure, said ALPHV had been responsible for 8.82pc of cyberattacks in 2023.

“The seizure of their dark web leak site will send shockwaves across the ransomware ecosystem,” he said, adding that the gang would more than likely be damaged “perhaps beyond repair”.


Blathnaid O’Dea was a Careers reporter at Silicon Republic until 2024.
