Law enforcement agencies led by FBI disrupt ALPHV ransomware gang | #ransomware | #cybercrime

A group of law enforcement agencies led by the Federal Bureau of Investigation have disrupted the infrastructure of the world’s second most prolific ransomware gang. 

The FBI announced the development this morning. The ransomware gang it disrupted is tracked as ALPHV, BlackCat and Noberus. Authorities shut down several of ALPHV’s technical assets, including multiple malicious websites, in collaboration with law enforcement agencies from Australia, Austria, Denmark, Spain, Switzerland and the UK.

ALPHV’s ransomware is believed to have infected more than 1,000 organizations since the hacking group emerged about 18 months ago. Those organizations included government agencies, critical manufacturers, healthcare providers and schools to name a few. The FBI estimates that the cyberattacks incurred hundreds of millions of dollars in costs related to ransomware payments, breach remediation efforts and the theft of proprietary data.

ALPHV is what’s known as a ransomware-as-a-service group. It doesn’t launch cyberattacks directly, but rather develops ransomware and sells it to “affiliates” that use the malicious software to breach organizations’ networks. 

The FBI detailed that ALPHV affiliates often seek to encrypt the most sensitive data in an organization’s network. They threaten to keep the information inaccessible as well as release an unencrypted, readable version if a ransom is not paid. The hackers publish the stolen data on a dark web website if the payment is not made. 

The FBI reportedly gained access to ALPHV’s computer network by recruiting a confidential human source close to the hackers. Previously, the U.S. Department of State announced that it would reward people for information about ALPHV. According to the FBI, the source close to ALPHV provided officials with credentials that they used to log into the ransomware gang’s network. 

Officalls gained access to the group’s affiliate panel, a software tool it used to coordinate cyberattacks with affiliates. The panel displayed technical data on the systems of an organization targeted in a ransomware attack. Additionally, it provided access to related files including correspondence with the targeted company. 

After gaining access to ALPHV’s network, authorities took down a number of malicious websites used by the ransomware gang to support its activities. “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa Monaco. 

The websites in questions were powered by a networking technology called Tor. It’s often used by hackers to anonymize their network traffic, which makes it harder for law enforcement agencies to trace. Gaining administrative access to a Tor-powered website requires obtaining a set of encryption keys associated with that property.

The FBI obtained the keys to ALPHV’s websites after gaining access to its network. Additionally, the agency released a tool that organizations can use to decrypt information scrambled by ALPHV ransomware. The FBI and its law enforcement partners so far provided the tools to more than 500 victims, helping them avoid an estimated $68 million in ransom payments. 

“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” Monaco said. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

Photo: J/Flickr

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy


Source link

National Cyber Security