Seizure and decryption tool

The Department of Justice recently published a press release stating that the FBI, supported by multiple government agencies in Europe, has been able to seize the official website of a cyber gang called BlackCat, also known as ALPHV and Noberus.

The criminal organization and its affiliates are responsible for some of the most high-profile cyber-attacks in the USA in 2023. Their illegal actions have caused damages worth hundreds of millions of dollars. 

Impact and FBI’s response

The government agency not only managed to take the website down but also released a free decryption tool. This tool helps organizations recover files encrypted by the ransomware-as-a-service group.

The FBI-developed tool has helped hundreds of affected organizations worldwide, saving approximately $68 million in ransom demands. The FBI also stated that it has gained visibility into the cyber gang’s computer network.

The government believes such steps could eventually dismantle the ecosystem that fuels this ransomware cybercrime. 

Ongoing battle with BlackCat

Sadly, cybercriminal organizations often move faster than law enforcement agencies, and BlackCat adapted quickly to the new rules set by the FBI. Bleeping Computer reported that BlackCat has managed to ‘reseize’ its website multiple times.

The ransomware group’s website isn’t in operation as the FBI and BlackCat go back and forth, claiming the URL from each other.

It is unknown if this battle will end soon, but the criminal organization might have to rebrand to continue operating. In fact, BlackCat has started promoting a new URL as their future home. 

Concerns and countermeasures

In a statement to Bleeping Computer, the hackers also said that they no longer avoid critical infrastructure and now allow their affiliates to target any organization they want, including power plants and hospitals.

The only organizations that appear to be safe from hacker attacks are companies located in countries that used to belong to the now-defunct Soviet Union.

The hacker organization also claimed that the actions of the FBI might have saved hundreds of organizations but have also caused thousands of others never to receive a decryption key, even if ransom demands are met. 

Global challenges and cybersecurity measures

Ransomware-as-a-service operators continue to be a threat, even though Western law enforcement agencies sometimes manage to take them down. The real criminals are rarely captured and brought to justice, so they simply resurface under a new brand name.

The criminals are also often located in countries that are not very cooperative when it comes to requests from the US justice system and its allies. That makes those criminals almost untouchable. With hackers saying that their malicious code could be deployed anywhere and on anyone, having reliable antivirus software on all connected devices is an absolute must.