The DOJ says it disrupted the Blackcat ransomware group
It used a decryption tool to save victims over $68 million in ransom payments.
The US Department of Justice says it has disrupted the Blackcat ransomware group. Also called ALPHV or Noberus, the hackers have targeted over 1,000 computer networks and extorted millions of dollars from victims. Bloomberg reports its members were known for speaking Russian. “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” Deputy Attorney General Lisa O. Monaco wrote in a DOJ news release.
The FBI says it developed a decryption tool, which it has used to help over 500 Blackcat victims recover their data — saving more than $68 million in ransom payments. The agency adds that it has “gained visibility into the Blackcat ransomware group’s computer network” and seized several of its websites.
“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” Monaco wrote. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”
Blackcat’s developers create and update the ransomware software, which “affiliates” deploy in attacks on high-value targets; the developers and attackers then split the profits. Once an affiliate has infiltrated a network, they typically steal sensitive data before encrypting the victim’s system, incapacitating it. They then ask for a ransom. If the victims pay, the hackers say they’ll decrypt the system and abstain from exposing their confidential information. If the targets refuse to pony up, the hackers leave the victims locked out and publish their spicy documents on the dark web.
Blackcat took credit for infiltrating businesses and other US and European organizations. These included hacks on MGM Resorts, Caesars Entertainment, Reddit, US critical infrastructure (government facilities, emergency services, defense industrial base companies, critical manufacturing and healthcare facilities), a large UK hospital group and various attacks across the energy sector.
Its members aren’t afraid to think outside the box, either. Last month, Blackcat affiliates reportedly ratcheted the pressure on a hacked company by snitching to the SEC for not reporting their infiltration.
Although this could only be a fleeting upper hand in a long-running game of cat and mouse, the DOJ warns it’s just getting started. “Criminal actors should be aware that the announcement today is just one part of this ongoing effort,” wrote the DOJ’s Acting Assistant Attorney General Nicole M. Argentieri. “Going forward, we will continue our investigation and pursue those behind Blackcat until they are brought to justice.”