Got tips? US offers $15M reward for info on ALPHV/BlackCat


The ALPHV/BlackCat ransomware syndicate now has a $15 million bounty on its head, courtesy of the US government.

Continuing its relentless campaign to take down the ALPHV/BlackCat ransomware group, the US State Department announced Thursday it would fork over up to $15 million dollars to anyone who comes forward with information about the infamous gang.

The first $10 million goes to the person who can provide information leading them “to the identification or location of anyone holding a key leadership position” in the ransomware cartel.

Next, US officials said they’ll hand over another $5 million if that information leads to “the arrest or conviction of anyone participating in or conspiring or attempting to participate in a ransomware attack using the ALPHV/BlackCat variant.”

“The US government is making a big statement here,” said William Wright, CEO of Closed Door Security.

Wright said going after both ALPHV/BlackCat ring leaders plus anyone associated with the gang or involved in its attacks, only demonstrates that “the government does not take cybercrime lightly and any attackers, regardless of their rank, will face the consequences of the law.”

ALPHV/BlackCat gets bold

ALPHV/BlackCat ransomware was first observed in 2021 and is known to operate as a ransomware-as-a-service (RaaS) model by selling malware subscriptions to criminals.

Known for its triple-extortion tactics, the gang was responsible for the September ransomware attacks on the Las Vegas casino giants MGM Resorts, as well as Caesars International, who is rumored to have paid a $15 million ransom to keep operations running.

“BlackCat is one of the world’s most notorious ransomware groups, with the criminals being behind massive attacks that earned them millions in ransoms,” said Wright.

“Many security experts also believe that BlackCat is a rebranding of the BlackMatter / DarkSide ransomware groups, so the attackers potentially have been prevalent for many years and have earned far more money than law enforcement will ever know about, “ Wright further explained.

In December 2023, the FBI was able to infiltrate and seize the gang’s dark website – but, in a reversal of fortune, less than 24 hours later, ALPHV/BlackCat announced it had “unseized” its website back from the FBI, kicking off a days-long cat and mouse game between the two.

In the end, the ransom group set up shop using another address, but not before the FBI was able to extract one of the gang’s decryptor tools, which it then passed out to dozens of ALPHV/BlackCat ransomware victims to restore their computer systems.

Over 1,000 victim entities globally have been compromised by the group’s notorious ransomware variant, with losses totaling in the billions, according to security insiders.

The December FBI operation is said to have saved victim companies a total of $99 million dollars in ransom demand payments.

ALPHV/BlackCat $15 reward

Defending against ransom attacks

Other big names making the gang’s victim list include Clorox, Dole, NCR, Henry Shein, VF Corp, and just this week, major Canadian pipeline operator Trans-Northern Pipelines.

The State Department’s Transnational Organized Crime Rewards Program (TOCRP) is in charge of the bounty, and provided a Tor-based tip line for anyone with information. Those outside the US are asked to contact their nearest US embassy or consulate.

Earlier this month, the TOCRP offered a similar $15 million reward for information on the Hive ransomware group.

“Hive ransomware attacks have caused major disruptions for more than 1,500 victims in over 80 countries around the world,” according to the agency.

Additionally, the US Justice Department and the FBI recently announced it was joining forces with multiple nations, including the UK, Australia, Germany, Spain, and Denmark, to root out the criminal groups.

Wright points out that even with the US manpower behind this latest campaign to catch these groups, organizations should still be vigilant in the face of ransomware.

“Whether this reward helps unearth the people behind the gang is yet to be seen. Governments across the world are taking strong action against groups, but the threat still looms large, and organizations must prioritize their defenses,” Wright said.

The CEO says to protect against ransomware, organizations must prioritize security awareness among employees so they understand the techniques these gangs often use to infiltrate systems.

Security teams must also keep up to date with patches released from vendors, and engage in regular pen testing “to help unearth and seal weaknesses before criminals get a chance to exploit them," Wright said.


More from Cybernews:

Waymo recalls 444 self-driving vehicles over software error

Volt Typhoon takes the stage: what we know about “defining threat of our generation”

Want to return your Vision Pro headset? Friday’s the deadline

40% of UK adults unaware that AI-generated abuse material is illegal

Global elections are here, and so are those aiming to sabotage them 

AI girlfriends feast on your data

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked