U.S. law enforcement agencies said they shut down the online operations of the notorious Russia-linked BlackCat ransomware-as-a-service (RaaS) group and developed a decryption tool that will help more than 500 victims regain access to their encrypted data files.
However, the threat group – also known as ALPHV – responded soon after with what its operators called an “unseizing” of its leak site and promises to ramp up its activity, including offering affiliates that continue to use its ransomware a 90% commission and opening up hospitals and nuclear power plants to attacks.
The operation by the FBI and Justice Department (DOJ) against BlackCat is the latest in a series of initiatives by the U.S. government designed to stem the growing tide of ransomware and other attacks by shutting down the threat groups’ operations. In January, the DOJ announced it had penetrated the servers of the Hive ransomware group and offered decryption keys to victims.
The DOJ and FBI said in August that it took down the infrastructure of the QakBot phishing group. However, despite the operation, QakBot’s tactics are still being used by such groups as DarkGate and PikaBot.
All this comes as ransomware groups continue to roll up targets. According to Statista, almost 73% of companies worldwide have been victims of ransomware attacks this year, a steady increase from 62.4% in 2020.
More Than 1,000 Victims
According to the DOJ, the BlackCat group since late 2021 has racked up more than 1,000 victims – including critical infrastructure entities, schools, financial firms, and healthcare organizations – and over the last 18 months had become the second most prolific RaaS op ..
Support the originator by clicking the read the rest link below.
