Dec 19, 2023 - Technology

FBI seizes BlackCat ransomware website, offers decryption key

Screenshot: Law enforcement seizure notice on the BlackCat ransomware gang's dark web site.

Federal law enforcement officials announced Tuesday they had taken down the online infrastructure belonging to the BlackCat ransomware gang and offered victims a decryption key.

Why it matters: The takedown disrupts the operations of what the Justice Department believes is the "second most prolific ransomware-as-a-service variant" circulating around the world right now.

The big picture: BlackCat, also known as ALPHV or Noberus, is estimated to have targeted more than 1,000 victims since its inception more than 18 months ago, according to the DOJ.

  • Federal officials also said the hacks disrupted U.S. critical infrastructure, including government facilities, emergency services, defense industrial base companies, critical manufacturing, and healthcare and public health facilities.
  • Some of the gang's victims have included hospitals, data storage company Western Digital and drug manufacturer Sun Pharmaceuticals.
  • BlackCat's ransomware is also believed to be linked to the hack on MGM Resorts earlier this year.

Details: A law enforcement seizure notice is now on the BlackCat gang's dark-web leak site, per a notice seen by Axios.

  • The notice indicates that the FBI worked alongside a set of international law enforcement partners to take down the site, including countries across Europe and Australia.

Meanwhile, the DOJ said the FBI had developed a decryption tool to help the gang's victims who came to law enforcement.

  • During the investigation, the FBI offered the tool to more than 500 victims to restore their systems after the BlackCat gang, or its affiliates, deployed file-encrypting malware.
  • The FBI worked with dozens of victims in the U.S. and internationally to recover their systems, sparing victims from a total of $68 million in ransoms, per the DOJ.

Yes, but: Online infrastructure takedowns are often a short-term solution for stopping ransomware gangs from operating.