US officials seize websites associated with Blackcat ransomware

US officials say they have seized digital extortion websites associated with the notorious “Blackcat” ransomware gang and are helping dozens of victims recover their data.

Blackcat – also known as ALPHV or Noberus – is accused of working with the prolific hacking gang known as “Scattered Spider,” which has terrorized major businesses including MGM Resorts International and Caesars Entertainment.

In a statement, the US Justice Department said that it had “gained visibility into the Blackcat ransomware group’s computer network” and seized “several websites.”

There was no mention of arrests or of action against Scattered Spider, a group believed by security researchers to be composed at least in part of young, English-speaking hackers in the West.

The group has acted as the sharp end of the spear for Blackcat, seeding data-scrambling software on victims’ devices which can typically only be removed following a massive ransom payment.

Private sector cyber security analysts say the takedown is significant as it should disrupt the group’s crime spree and network of hacking associates, which they normally partner with to extort victims.

“This is a huge win for law enforcement and the community,” said Charles Carmakal, a senior executive with US cyber security firm Mandiant, a division of Google Cloud.

“ALPHV was one of the most active ransomware-as-a-service (RaaS) programs.

“They worked with both Russian affiliates and English-speaking western affiliates.”

A US Justice Department spokesperson declined to comment citing an ongoing investigation.

The Federal Bureau of Investigation did not immediately return messages seeking additional detail about the seizure.

The statement said that the FBI had developed a decryption tool that could help up to 500 victims recover their data following the Blackcat seizure.

It said that “to date, the FBI has worked with dozens of victims in the United States and internationally to implement this solution, saving multiple victims from ransom demands totalling approximately US$68 million ($100.9 million).”

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts