The ransomware gang 'ALPHV', also known as 'Blackcat', has reportedly issued more threats, implying it will attack US critical infrastructure, days after the FBI confirmed it took down the gang's website and recovered the files of roughly 500 victims through a decryption tool, The Verge reports.

ALPHV/Blackcat now reportedly claims that it has taken back control of its website and that the FBI only possessed decryption keys for about 400 businesses. At the same time, over 3,000 victims' data are still encrypted by the ransomware gang.

The gang also declared that its ransomware operation would no longer prevent members from attacking hospitals and nuclear power stations.

Bleeping Computer now reports that since both the FBI and the ALPHV operators now possess the private keys needed to register the onion URL of the data leak site in Tor, the parties can switch back and forth and take control of the website. 

The ransomware group claims that the FBI was able to access one of the DCs while leaving the others untouched, and that this is how the attack was initially identified after reviewing their documents. DCs are servers that are in charge of data inside a specific domain.


Blackcat Ransomware Gang

Citing the DOJ as a source, The Verge claims that ALPHV/Blackcat is a well-known ransomware group that has amassed hundreds of millions of dollars in ransom payments from victims worldwide, making it the second most prevalent ransomware-as-a-service variant globally over the previous 18 months. 

Bleeping Computer, in a separate report, states that as of September 2023, around 75% of the affected organizations were in the United States and roughly 250 businesses were outside it. The FBI reports that ALPHV/Blackcat affiliates had demanded over $500 million in ransom payments and had received close to $300 million.

The report adds that under the gang's model, affiliates locate targets, initiate attacks, and share the earnings with the team, which is responsible for developing and maintaining the ransomware.

ALPHV/BlackCat is thought to be a rebranding of the infamous DarkSide and BlackMatter ransomware operations. It first appeared in November 2021, more than two years ago. This gang, formerly known as DarkSide, became well-known worldwide after its attack on Colonial Pipeline, which prompted in-depth investigations by law enforcement.

The initial four months of the ransomware gang's activities, from November 2021 to March 2022, resulted in around 60 breaches affecting firms globally, according to earlier information from the FBI.

FBI Against Blackcat 

The FBI remains vigilant against the notorious ransomware gang. In a joint advisory with CISA, it recently provided mitigation strategies to help network defenders and critical infrastructure companies reduce the impact and risk of this ransomware group's attacks, as per the same Bleeping Computer report.

Additionally, the two organizations supplied TTPs (tactics, techniques, and procedures) and ALPHV IOCs (indicators of compromise) that the FBI had discovered as recently as December 6.

Network defenders are reportedly strongly advised to implement multifactor authentication (MFA) with strong passwords across all services, particularly for webmail, VPN, and accounts connected to essential systems, and to prioritize patching vulnerabilities exploited in the wild.

In addition, they should make vulnerability assessments an essential element of their standard security processes and routinely update and patch software to the most recent versions.

The FBI also offered support to the public, strongly recommending that Blackcat ransomware victims get in touch with their local FBI field office to learn more about their options and find out what support could be offered.

Individuals who possess knowledge regarding Blackcat, their associates, or their operations are also urged to get in touch, since they may be eligible for a reward under the Department of State's Rewards for Justice initiative.


Written by Aldohn Domingo

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.