U.S. Seizes Websites Belonging to BlackCat, a Notorious Russian Ransomware Gang

The U.S. government on Tuesday said it had struck a major blow against the BlackCat ransomware gang, one of the world’s most dangerous cybercrime groups, in part by accessing its computer systems with the help of an undercover informant.

In the operation, U.S. authorities seized several of the group’s websites and developed a decryption tool that has been offered to more than 500 of the group’s victims so they can restore their locked files, according to a Justice Department statement.

BlackCat, also known as ALPHV, is a Russian-speaking hacker group that has attacked more than 1,000 victims worldwide since emerging in mid-November 2021. It operates a ransomware-as-a-service model, something like a franchise operation: the core group develops and maintains the malware and the infrastructure for negotiating with victims and leaking stolen data, while “affiliates” carry out the intrusions and hand over a share of each ransom they collect. BlackCat’s activities have caused hundreds of millions of dollars in losses globally from ransom payments, data theft and destruction, and incident response costs, the Justice Department said.

Cyberattacks using BlackCat malware have grabbed headlines recently. In September, the cybercrime gang known as “Scattered Spider,” many of whose members are reported to be teenagers and young adults, used BlackCat’s malware in its attacks on the casino giants MGM Resorts and Caesars Entertainment, causing widespread disruption to the casinos’ operations and elevating the gang’s profile as a serious digital threat.

BlackCat malware has also infected many forms of U.S. critical infrastructure, authorities said in Tuesday’s announcement, including “government facilities, emergency services, defense industrial base companies, critical manufacturing, and healthcare and public health facilities.”

The government mole inside BlackCat’s operation allowed federal investigators to closely study the group. Authorities enlisted the aid of a person “who routinely provides reliable information related to ongoing cybercrime investigations,” according to a federal search warrant unsealed on Tuesday. This person pretended to apply for a role as a BlackCat affiliate, passed the group’s technical knowledge tests, received login information for the hackers’ secure online control panel and turned over those credentials to the government.

Authorities also obtained the public and private key pairs for nearly 950 BlackCat websites hosted as hidden services on the Tor anonymity network, which is what allowed them to take control of those sites. They included pages used to communicate with individual victims, the site where BlackCat posted stolen data, and multiple web portals that the group used to manage its operations.
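The seizure hinges on a property of Tor onion services that the article only alludes to: a v3 .onion address is derived from the service’s ed25519 public key, so whoever holds the matching private key can publish a site under that exact address, and nobody else can. There is no registrar or certificate authority to appeal to; possession of the key pair is control of the name. The following Python is an added example written for this page, not FBI or BlackCat tooling. It implements the address derivation and validation described in Tor’s rend-spec-v3; the 32-byte key below is a constructed placeholder, not a real key.

```python
import base64
import hashlib

# v3 onion services are the only version Tor still serves. The version byte is
# the last byte of the encoded address, which is why every v3 address ends in "d".
ONION_VERSION = b"\x03"

# Constructed placeholder standing in for an ed25519 public key; not a real key.
SAMPLE_PUBKEY = bytes(range(32))


def onion_checksum(pubkey: bytes) -> bytes:
    """First two bytes of SHA3-256(".onion checksum" || PUBKEY || VERSION)."""
    return hashlib.sha3_256(b".onion checksum" + pubkey + ONION_VERSION).digest()[:2]


def onion_address(pubkey: bytes) -> str:
    """Derive the v3 .onion hostname for a 32-byte ed25519 public key.

    The hostname is base32(PUBKEY || CHECKSUM || VERSION): 35 bytes, which base32
    encodes to exactly 56 characters with no padding.
    """
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    payload = pubkey + onion_checksum(pubkey) + ONION_VERSION
    return base64.b32encode(payload).decode("ascii").lower() + ".onion"


def parse_onion_address(address: str) -> bytes:
    """Validate a v3 .onion hostname and return the embedded public key.

    Raises ValueError when the length, version byte or checksum is wrong, which is
    how a Tor client rejects a mistyped or forged address before it ever connects.
    Because the key is literally inside the name, reaching the real service is
    only possible for whoever can sign descriptors with the matching private key.
    """
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        raise ValueError("v3 onion hostnames are exactly 56 base32 characters")
    try:
        raw = base64.b32decode(host.upper())
    except Exception as exc:
        raise ValueError("hostname is not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_VERSION:
        raise ValueError("unsupported onion service version")
    if checksum != onion_checksum(pubkey):
        raise ValueError("checksum mismatch")
    return pubkey


if __name__ == "__main__":
    addr = onion_address(SAMPLE_PUBKEY)
    print(addr)
    # Round-trip: the address carries the key, so parsing it recovers the key.
    assert parse_onion_address(addr) == SAMPLE_PUBKEY
```

Running the block derives the address for the placeholder key and checks that parsing it returns the same key. The practical lesson for the seizure is the inverse of the derivation: nothing about the address can be changed without changing the key, so the only way to make an existing .onion name serve a seizure banner is to hold the service’s private key.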

Using the access gained through the informant’s credentials, the FBI built a tool to unlock victims’ files. Since then, the bureau has shared that tool worldwide and has helped “dozens of victims in the United States and internationally” use it, “saving multiple victims from ransom demands totaling approximately $68 million,” the Justice Department said.

U.S. authorities worked with Europol and law enforcement agencies in Australia, Austria, Denmark, Germany, Spain, Switzerland and the U.K. to investigate BlackCat’s operations and take down the group’s infrastructure, according to the announcement.
