A notice on the ALPHV – also known as BlackCat – dark web blog says that authorities have seized it, hinting that earlier issues with the gang’s website were indeed related to law enforcement activity.
The walls are closing in on the notorious ransomware cartel, as its infrastructure appears to have been penetrated by an international group of law enforcement agencies.
“The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat ransomware,” reads the message on the gang’s leak site.
The gang’s website went down in early December, prompting rumors that it either had its door knocked down or opted to rebrand once more.
However, malware researchers vx-underground, who maintain contact with various ransomware groups, shared a snippet of a supposed conversation with ALPHV's administrator, saying that the feds seized an old domain.
"We changed the blog and that one was deleted," the alleged ALPHV administrator said.
The gang supposedly shared a working website address, which Cybernews could not successfully access.
However, even if the gang managed to move to a separate server, increased attention from law enforcement will likely limit criminal affiliates' willingness to join the gang's ranks. Some pundits speculate that the supposedly operational site could be a honeypot set up by the FBI.
Since ransomware cartels operate by renting malware to individuals willing to deploy it and extort victims, perceived immunity to law enforcement is important.
FBI releases ALPHV decryptor
Minutes after the gang's leak site was decorated with the "seized" wallpaper, the US Department of Justice (DoJ) released a statement, saying the FBI has developed a decryption tool that enables law enforcement agencies to help victims with restoring their systems.
"The FBI has also gained visibility into the Blackcat ransomware group’s computer network as part of the investigation and has seized several websites that the group operated," reads the DoJ's statement.
Authorities maintain that ALPHV has targeted over 1,000 victims and has climbed the ladder to be among the most prolific cybercrime groups to date, extorting hundreds of millions of dollars in ransom.
The operation against ALPHV was coordinated between the US, Germany, Denmark, Australia, the UK, Spain, Switzerland, and Austria as well as Europol.
Who is ALPHV/BlackCat?
ALPHV ransomware was first observed in 2021 and is known to operate as a ransomware-as-a-service (RaaS) model by selling malware subscriptions to criminals. The Russia-linked gang carried hundreds of ransom attacks, causing an estimated loss of over $1 billion in 2023.
Known for its triple-extortion tactics, the gang was responsible for the September ransomware attacks on the Las Vegas casino giants MGM Resorts, as well as Caesars International, who is rumored to have paid a $15 million ransom to keep operations running.
This is a developing story.
More from Cybernews:
Subscribe to our newsletter