US-led Operation Seizes Website of Prolific Russian-Speaking Ransomware Group, Restoring Victims' Computers
US and its allies have successfully seized the primary website of a highly active Russian-speaking ransomware gang, effectively relieving victims from their cyber extortion tactics This significant operation was carried out by international law enforcement agencies, as announced on the gang's website on Tuesday
Law enforcement agencies in the US and allies globally have taken down the primary website used by a prominent Russian-speaking cybercriminal gang to extort ransom payments from their victims. According to an announcement posted on the website on Tuesday, the FBI has also created a software key that enables victims to discreetly unlock their computers, ultimately preventing ransom demands totaling approximately $68 million. The Justice Department confirmed this in a statement.
This is a major setback for the well-organized cybercriminal syndicate accused by the Justice Department of targeting over 1,000 victims globally and extorting hundreds of millions of dollars from them.
Over the past 18 months, hackers using the ransomware ALPHV, also known as BlackCat, have launched numerous attacks on US universities, healthcare providers, and hotels. They have also claimed responsibility for using ALPHV ransomware in one of two high-profile ransomware attacks on Las Vegas casinos in September. In the next month, hackers using ALPHV allegedly stole a large amount of patient data from a community hospital in Illinois.
The ALPHV website was seized by authorities in coordination with the US Attorneys Office for the Southern District of Florida, according to the notice which displayed the seals of the FBI, US Secret Service, and various other law enforcement agencies from around the world. Ransomware groups utilize dark-web sites in an attempt to coerce victims into paying ransoms, sometimes amounting to millions of dollars. When victims refuse to pay, hackers often release stolen data from their network. The seizure of a group's website by law enforcement can indicate that investigators have gained broader access to the hackers' core computer infrastructure. This action is part of a larger crackdown.
The ransomware gang recently set up a new website that is still online as of Tuesday morning. However, this site seems to hold little importance for the group's operations. ALPHV, the cybercriminals behind the attack, are likely to regroup and carry out new hacks since they have not been arrested. However, they may struggle to retain "affiliates," or hackers who pay to use the ransomware, due to the damage to their reputation, according to Alexander Leslie, a Russian-speaking analyst at cybersecurity firm Recorded Future.
"According to Leslie, ALPHV has experienced a turbulent history and has been the focus of extensive media coverage in recent months," Leslie informed CNN. "This is not an appealing option for ransomware affiliates who want to stay under the radar and make a consistent income."
This is the most recent effort by US and allied law enforcement to weaken the profitable ransomware industry. As the national security threat posed by ransomware has become increasingly evident in the last two years, the FBI has become more proactive in attempting to disrupt hackers' operations, even if it means not making arrests.
Deputy Attorney General Lisa Monaco stated on Tuesday that in taking down the BlackCat ransomware group, the Justice Department has once again outsmarted the hackers. According to Chainalysis, a company that monitors cryptocurrency, cybercriminals received at least $449 million in ransom payments in the first half of the year. In the case of ALPHV and other groups, the ransomware is rented out to various criminal organizations for a fee. Ransomware experts note that while some individuals behind the ransomware are of Russian descent, others come from different countries.
