Several websites belonging to the ALPHV ransomware group (also known as BlackCat) have been seized and a decryptor for the malware released, authorities have announced.
The U.S. Department of Justice (DoJ) published a press release announcing the disruption of ALPHV’s infrastructure and the subsequent release of the decryptor, which has helped roughly 500 victims in the U.S. and around the world.
This is the result of a joint, coordinated action led by the FBI in which multiple law enforcement agencies participated, TechCrunch reported, among them police forces from the UK, Denmark, Germany, Spain, and Australia. Europol also confirmed its involvement in the operation but declined to share further details.
Hacking the hackers
Reports also indicate that the entire operation was made possible thanks to a “confidential human source” who was close to the group and gave agents access to ALPHV’s affiliate panel, where the hackers managed their victims.
ALPHV’s data leak site has been seized, and visitors are now greeted with the typical FBI takedown defacement page.
BlackCat was one of the most active and dangerous ransomware groups in operation. It infected hundreds of organizations and encrypted thousands of computers around the world; its victims included critical infrastructure organizations, the DoJ confirmed. The release of a decryptor will enable victims to regain access to their data and remove, for those still locked out of their systems, the temptation to pay the ransom.
The FBI says BlackCat is currently demanding some $68 million from its victims.
“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa O. Monaco. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”