Published on 05:41 PM, December 21, 2023

FBI takes down BlackCat ransomware; releases free tool for victims

It is estimated that the hacker group BlackCat has compromised more than a thousand victims across the globe. Illustration: Zarif Faiaz.

The United States Justice Department (DoJ) has announced the disruption of the BlackCat ransomware operation and has released a decryption tool that lets over 500 affected victims recover access to files locked by the malware. The operation was carried out with the collaboration and support of multiple law enforcement agencies across the United States, Germany, Denmark, Australia, the United Kingdom, Spain, Switzerland, and Austria.

According to court documents, the U.S. Federal Bureau of Investigation (FBI) engaged a confidential human source (CHS) to serve as an affiliate for the BlackCat group, gaining access to a web panel used to manage the hacker group's victims, essentially hacking the hackers.

BlackCat, also known as ALPHV, ALPHV-ng, GOLD BLAZER, and Noberus, first emerged in December 2021 and has become the second most prolific ransomware-as-a-service (RaaS) variant globally, after LockBit. Notably, it is the first ransomware strain written in the Rust programming language to be observed in the wild.

It is estimated that BlackCat has compromised more than a thousand victims across the globe and has illegally earned almost USD 300 million as of September 2023.

BlackCat, like other ransomware groups, operates on a ransomware-as-a-service model, with a core group of developers and a network of affiliates. Affiliates rent the payload from the developers and are responsible for identifying and targeting high-value victim institutions. The group also employs a double extortion scheme: it first exfiltrates sensitive data and then encrypts it, so that victims face both data loss and the threat of public disclosure unless they pay.

Earlier this year, BlackCat hackers stole over 170 GB of data from Bangladesh Krishi Bank. The cyber attack went undetected for 12 days, allowing the hackers to obtain sensitive data from the bank.