The ALPHV/BlackCat ransomware-as-a-service (RaaS) cartel, which has been causing havoc in the cyber world, has finally been disrupted by a multinational, US-led operation. After a period of downtime in December, there was speculation that the gang’s operations had been disrupted or taken down by law enforcement agencies. However, gang members are still trying to minimize the impact, and uncertainty remains.
The operation against BlackCat involved agencies from Australia, Austria, Denmark, Germany, Spain, and Switzerland, as well as the UK’s National Crime Agency. In addition, the FBI has successfully developed a decryption tool for the gang’s ransomware locker and has distributed it to over 500 affected victims. As a result, an estimated $68 million in ransom payments has been saved.
US deputy attorney general Lisa Monaco stated that the Justice Department has once again hacked the hackers, and they will continue prioritizing disruptions and placing victims at the center of their strategy to dismantle cybercrime.
While this disruption is seen as a significant win for law enforcement, it may not extend to all the affiliate groups of the cartel. Some smaller players may still be active, and they might establish relationships with other RaaS programs for support in encryption, extortion, and victim shaming.
Researchers have also found evidence that other RaaS operators have offered to publish stolen data on behalf of BlackCat affiliates. Additionally, BlackCat has responded to the takedown notice by announcing that it has been “unseized” and that it retains a private key needed to operate on the Tor network. The group has redirected visitors to a new blog site and threatened vengeance.
Overall, while progress has been made in disrupting the BlackCat ransomware cartel, there are still challenges and uncertainties ahead.