DOJ saves millions for victims of the Blackcat Ransomware Group


The US Department of Justice (DOJ) has successfully disrupted the notorious Blackcat ransomware group, also known as ALPHV or Noberus. This follows the DOJ’s investigation into Apple’s alleged anti-competitive practices. After hitting Henry Schein with two major ransomware attacks in less than two months, the hacking collective targeted over 1,000 computer networks and extorted millions of dollars from victims. Thankfully, the DOJ’s intervention has halted the operation, at least to some extent, and the DOJ has noted that this is just the beginning.

“Criminal actors should be aware that the announcement today is just one part of this ongoing effort. Going forward, we will continue our investigation and pursue those behind Blackcat until they are brought to justice.”

The Blackcat ransomware group, known for its members communicating in Russian (as noted by Bloomberg), has been a thorn in the side of businesses and organizations globally. Deputy Attorney General Lisa O. Monaco stated in a DOJ news release, “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers.”

FBI’s decryption tool rescues over 500 victims of the Blackcat Ransomware Group

The FBI played a crucial role in this operation, developing a decryption tool that aided more than 500 Blackcat victims in recovering their data. This initiative saved victims over $68 million in ransom payments. The FBI not only provided decryption assistance but also gained visibility into the Blackcat ransomware group’s computer network, allowing the seizure of several of its websites.

The modus operandi of Blackcat involves developers creating and updating ransomware software, which “affiliates” deploy in attacks on high-value targets. The developers and attackers then share the illicit profits. Once the hackers infiltrate a network, they steal sensitive data before encrypting the victim’s system. The hackers then demand a ransom, threatening to expose confidential information if the victim refuses to pay.

The group promised decryption and non-disclosure of sensitive information to victims who paid the ransom, while those who resisted were left locked out and had their data exposed on the dark web. Blackcat’s targets in the US and Europe included major entities like MGM Resorts, Caesars Entertainment, and Reddit, as well as critical infrastructure, encompassing government facilities, emergency services, defense companies, critical manufacturing, healthcare facilities, and a large UK hospital group.

As the cat-and-mouse game continues, the DOJ’s message is clear: criminal actors involved in cybercrime will be pursued relentlessly until they are held accountable for their actions.

2023-12-26 15:05:34