
FBI Seizes BlackCat Infrastructure; Group Has New Domain


U.S. authorities seized dark web infrastructure belonging to the BlackCat ransomware group. (Image: Shutterstock)

U.S. authorities seized dark web infrastructure of the BlackCat ransomware-as-a-service group although the Russian-speaking threat actor said it reestablished operations.


The data leak site of the ransomware group, also known as Alphv, as well as its Tox peer-to-peer instant messaging account, went offline Dec. 7, prompting speculation of a law enforcement operation (see: Ransomware Group Offline: Have Police Seized Alphv/BlackCat?).

Security researchers said BlackCat has listed more than 650 victims on its data leak site since launching in late 2021 as a spinoff of the now-defunct Conti ransomware group. Victims include operators of U.S. critical infrastructure. In March, it leaked images, stolen from a Pennsylvania-based healthcare group, of breast cancer patients disrobed from the waist up (see: BlackCat Leaking Patient Data and Photos Stolen in Attack).

As part of the seizure operation, the FBI developed a decryption tool that could decrypt the systems of more than 500 victims, the U.S. Department of Justice said.

A BlackCat representative downplayed the seizure, according to a screenshot of a conversation with vx-underground, stating that the FBI “have a stupid old key from an old blog.” An apparent new leak site with a handful of listings dated as recently as Monday is active.

A court filing shows the FBI infiltrated the ransomware operator through a confidential informant who posed as an affiliate. Through the informant, the FBI was able to download 946 BlackCat victim communication sites, leak sites and affiliate panels accessible through the Tor network.

The ransomware group has recently embraced a new tactic to pressure victims into paying. It now says it will inform U.S. federal regulators about a ransomware infection unless it receives an extortion payment. As of Monday, publicly traded U.S. large and medium companies must disclose most “material cybersecurity incidents” within four business days of determining materiality (see: SEC Votes to Require Material Incident Disclosure in 4 Days).

Security researchers believe that BlackCat began as a reboot of a notorious group known as BlackMatter, which was itself a rebrand of DarkSide. BlackMatter announced in November 2021 that it was shutting down.

The U.S. government fingered DarkSide for a 2021 ransomware attack on Colonial Pipeline that disrupted the gasoline supply in the southeastern United States. DarkSide shut down operations after saying in May 2021 that it had lost access to “the public part of our infrastructure.” The Justice Department in June 2021 seized nearly 64 bitcoins Colonial Pipeline had used to pay a ransom.
