On December 19, 2023, the FBI announced it had infiltrated the Russian cybercriminal group ALPHV/BlackCat, the world's second most prolific ransomware operation. The federal agency seized the group's dark web site and obtained decryption keys, which allowed more than 500 organizations to retrieve their data.
“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime,” commented Lisa O. Monaco, United States Deputy Attorney General.
BlackCat reacted strongly to the operation. The Ransomware-as-a-Service (RaaS) group first regained temporary control of its dark web site, then maintained that the FBI had only reached part of its infrastructure. According to the cybercriminal group, the authorities' operation made it impossible to decrypt the data of 3,000 additional victims.
To encourage its affiliates to continue launching attacks, the group drastically cut its commission to 10% of the bounty, compared to 20% and 40% previously. More importantly, BlackCat lifted all restrictions on its members, including those against attacking hospitals and critical infrastructure.
"We are implementing new rules, or rather, we are removing ALL rules except one: only the CIS (organization of former Soviet republics led by Russia, editor's note) is off-limits. You can now paralyze hospitals, nuclear power plants, whatever you want, wherever," the cybercriminals stated.