Is ALPHV (BlackCat), one of the world’s most notorious ransomware groups, finished?
That is the first question to put to the coalition of international police forces that recently took control of its infrastructure, and the answer is not straightforward.
ALPHV appeared to be in trouble on December 7, when the group’s dark web sites, used to publish stolen data dumps and to negotiate with victims, went offline. That is a rare event: ransomware crews depend on dark web services and need a substantial amount of infrastructure to run their operations. Without it they cannot operate or communicate effectively.
This pointed to police action. On December 19, the United States Department of Justice (DOJ) confirmed that the group’s servers had been seized in an international operation.
“This website has been seized,” read the message displayed to anyone attempting to reach the group’s domain, alongside the emblem of the U.S. Justice Department.
Well, that was it.
But ALPHV did not earn its notoriety by sitting on its hands. On December 19 the group claimed to have come back from the dead, and the domain displayed the defiant message “THIS WEBSITE HAS BEEN UNSEIZED.”
This tug-of-war exposed something not previously seen in a takedown: the criminals were fighting back. It did not last, and the Department of Justice reclaimed control of the domain after just two hours.
In an odd act of retaliation, the group also said it had lifted the restrictions that had previously stopped its affiliates from targeting critical national infrastructure (CNI) such as hospitals.
Scratches the Dirt
Still, this is a major setback for ALPHV.
In November 2023, the brazen group went to the SEC to report a cyberattack, after first reporting it to the affected organization.
We wrote at the time that it was an ingenious, cheeky move to promote a ransomware-as-a-service (RaaS) platform that has been a major ransomware threat since its introduction in late 2021.
The DOJ’s disclosure now makes clear that even as ALPHV pursued this peculiar tactic, the group in its current incarnation had been living on borrowed time for quite a while.
Investigators appear to have had covert access to the group’s inner workings for some time. That would have given them additional insight into its broader activities, even as the group continued its campaign against victims.
This matters beyond the data itself. The group has allegedly operated under several names over the years, including DarkSide (whose infrastructure was compromised by police in June 2021) and BlackMatter (whose encryptor was broken by a security firm a few months later).
Can ALPHV be stopped from simply rebranding and starting again? So far, the damage to its reputation has been largely contained. This time, though, the length of the authorities’ operation may plausibly have produced the intelligence needed to make such a relaunch harder.
How did the police manage to penetrate a major ransomware operation? We will probably never find out, although the State Department has begun paying large rewards, at $10 million a time, under its Transnational Organized Crime Rewards Program (TOCRP) for information about prominent groups.
That may be a pittance for a ransomware operation, but it is a tidy sum for an ambitious outsider ready to play that role.
Repairing Lost Files
Thanks to the FBI operation, 500 ALPHV victims will now receive the decryption keys they need to recover their data. According to US officials, that amounts to $68 million in ransom demands.
If there is a catch to this good news, it is that decrypting files is no longer the whole story with modern ransomware. The exfiltration and irreversible exposure of personally identifiable information (PII) in these breaches makes the damage far more lasting.
Whatever victims gain from ALPHV’s unexpected gift, no amount of government intervention can put stolen data back once it is out.