ALPHV/Blackcat ransomware group dismantled

Posted date 04/01/2024

On 20 December 2023, the US Department of Justice announced a US-led multinational disruption operation against the Blackcat ransomware group, also known as ALPHV or Noberus, whose malicious activity has affected thousands of victims' computer networks and caused damage worldwide.

The gang's Tor-based leak site first became inaccessible on Thursday, 7 December, as a result of this police action, and the disruption persisted for several days. The FBI's search warrant reveals that the agency was able to identify and collect 946 public/private key pairs that the ransomware group used to operate its various onion services, including affiliate panels, leak sites and sites for victim communications.

However, the Blackcat group confirmed that these keys would only be useful to some 400 affected companies, and that in response to the police operation it would withdraw the rules that governed its affiliates, allowing them to lock down hospitals, nuclear power plants and other critical infrastructure.