FBI seizes BlackCat ransomware website, offers decryption key

The big picture: BlackCat, also known as ALPHV or Noberus, is estimated to have targeted more than 1,000 victims since its inception more than 18 months ago, according to the DOJ.

• Federal officials also said the hacks disrupted U.S. critical infrastructure, including government facilities, emergency services, defense industrial base companies, critical manufacturing and healthcare and public health facilities.
• Some of the gang's victims have included hospitals, data storage company Western Digital and drug manufacturer Sun Pharmaceuticals.
• BlackCat's ransomware is also believed to be linked to the hack on MGM Resorts earlier this year.

Details: A law enforcement seizure notice is now on the BlackCat gang's dark-web leak site, per a notice seen by Axios.

• The notice indicates that the FBI worked alongside a set of international law enforcement partners to take down the site, including countries across Europe and Australia.

Meanwhile, the DOJ said the FBI had developed a decryption tool to help the gang's victims who came to law enforcement.

• During the investigation, the FBI offered the tool to more than 500 victims to restore their systems after the BlackCat gang, or its affiliates, deployed file-encrypting malware.

• The FBI worked with dozens of victims in the U.S. and internationally to recover their systems, sparing victims from a total of $68 million in ransoms, per the DOJ.

Yes, but: Online infrastructure takedowns are often a short-term solution for stopping ransomware gangs from operating.

• Since many of the BlackCat members are believed to be based in Russia, arrests are nearly impossible, and ransomware gangs are used to having to reinvent themselves.
• BlackCat is already believed to be a rebrand of the DarkSide ransomware gang, which was behind the 2021 attack on Colonial Pipeline.