How the FBI seized BlackCat (ALPHV) ransomware’s servers

December 19, 2023 at 12:33PM

The US Department of Justice seized the ALPHV/BlackCat ransomware operation’s websites and created a decryptor to assist around 500 affected companies in recovering their data for free. By utilizing a confidential human source, the FBI accessed the ransomware gang’s affiliate panel to obtain private decryption keys. This operation is the third of its kind conducted by the FBI to disrupt ransomware operations.

Key Takeaways from the Meeting Notes:

– The US Department of Justice seized websites associated with the ALPHV ransomware operation and developed a decryptor to aid nearly 500 companies in recovering their data for free.
– The FBI utilized a confidential human source (CHS) to infiltrate the ALPHV/BlackCat ransomware operation and gain access to the backend affiliate panel, allowing them to obtain private decryption keys used in attacks.
– The FBI also obtained 946 public and private key pairs associated with the ransomware operation’s Tor negotiation sites, data leak sites, and management panel and saved them to a USB flash drive stored in Florida.
– A v3 onion address is derived from the service’s public key, so whoever holds the matching private key can publish a service at that same .onion address. Holding these key pairs therefore let the FBI take over the operation’s Tor URLs and seize the affiliate panel and the other related sites.
– This operation represents the third known instance where the FBI has successfully breached a ransomware operation’s infrastructure to monitor activities and obtain decryption keys.
– BlackCat/ALPHV is expected to shut down and rebrand under a new name in the coming months.
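
Why holding the Tor key pairs amounts to controlling the sites: a v3 onion address is computed from the service’s public key, so the hostname cannot be separated from the key that signs the service descriptor. The Python below is an added illustration of that derivation and of the checks a Tor client applies when parsing an address; it is not code from the article or from any party in the case, and the 32-byte public key it uses is a constructed placeholder rather than a real key.

```python
import base64
import binascii
import hashlib

# Tor v3 onion services (rend-spec-v3): the address is a function of the
# service's 32-byte ed25519 public key, so control of the key is control of the name.
#   onion_address = base32(PUBKEY || CHECKSUM || VERSION) + ".onion"
#   CHECKSUM      = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2]
#   VERSION       = 0x03
ONION_V3_VERSION = b"\x03"
ONION_V3_CHECKSUM_PREFIX = b".onion checksum"

# Constructed stand-in for a service public key (not a real ed25519 key and not
# any key from the ALPHV case); any 32 bytes will do for address derivation.
CONSTRUCTED_PUBKEY = bytes(range(32))


def onion_v3_checksum(pubkey: bytes) -> bytes:
    """Two-byte checksum binding the public key to the version byte."""
    digest = hashlib.sha3_256(ONION_V3_CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()
    return digest[:2]


def onion_v3_address(pubkey: bytes) -> str:
    """Derive the 56-character .onion hostname for a v3 service public key."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion services use a 32-byte ed25519 public key")
    raw = pubkey + onion_v3_checksum(pubkey) + ONION_V3_VERSION  # 35 bytes
    # 35 bytes = 280 bits = exactly 56 base32 characters, so no '=' padding appears.
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def parse_onion_v3_address(address: str) -> bytes:
    """Recover and verify the public key embedded in a v3 .onion address.

    Raises ValueError if the address is malformed, carries the wrong version
    byte, or fails its checksum (the same checks a Tor client performs).
    """
    host = address.strip().lower()
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if len(host) != 56:
        raise ValueError("v3 onion hostnames are exactly 56 characters")
    try:
        raw = base64.b32decode(host.upper())
    except binascii.Error as exc:
        raise ValueError("not valid base32") from exc
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != ONION_V3_VERSION:
        raise ValueError("unsupported onion address version")
    if checksum != onion_v3_checksum(pubkey):
        raise ValueError("checksum mismatch")
    return pubkey


def is_valid_onion_v3_address(address: str) -> bool:
    """Boolean wrapper around parse_onion_v3_address for quick filtering."""
    try:
        parse_onion_v3_address(address)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    addr = onion_v3_address(CONSTRUCTED_PUBKEY)
    print(addr)
    # Only the holder of the private half of this key can publish a descriptor
    # for this exact hostname; a different key yields an unrelated name.
    print(onion_v3_address(b"\xff" + CONSTRUCTED_PUBKEY[1:]))
    print(parse_onion_v3_address(addr) == CONSTRUCTED_PUBKEY)
```

Two practical consequences follow from the encoding. First, every valid v3 address ends in the letter “d”, because the final base32 character carries the low five bits of the version byte 0x03; an address ending in anything else fails the version check before the checksum is even consulted. Second, there is no registry or certificate authority to appeal to: the name is the key, which is why seizing the private keys was sufficient to redirect the gang’s negotiation, leak and management sites.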
