December 20, 2023 at 03:40PM
BlackCat/ALPHV ransomware leaders claim they’ve restarted operations on their primary blog despite the DOJ’s control of it. In response to law enforcement actions, they’ve lifted their ban on cyberattacks against critical infrastructure. However, experts doubt their ability to make a quick comeback. The FBI seized a server and data, but BlackCat set up a new site. Cybersecurity insiders warn of increased cyberattacks on critical infrastructure.
The BlackCat/ALPHV ransomware leaders claim to have restarted operations on their primary blog, despite the Department of Justice’s claim that it gained control of the site. They have also announced that they have dropped a previous ban on cyberattacks against critical infrastructure, which poses a heightened threat to critical infrastructure.
However, experts doubt BlackCat’s ability to make a quick comeback. According to Steve Stone from Rubrik Zero Labs, the FBI and other law enforcement organizations have seized control of the data repository and the ALPHV site used for the group’s ransomware-as-a-service operations. Stone indicates that BlackCat’s response involves spinning up a new server and applying its security key, resulting in a cycle where the FBI reverts the new site to the original seized one.
Furthermore, cybersecurity insiders have warned of an increased threat of cyberattacks on critical infrastructure now that BlackCat has lifted restrictions for its affiliates. Chris Grove, director of cybersecurity strategy for Nozomi Networks, suggests that organizations operating critical infrastructure should be on high alert given BlackCat’s new stance.
Ransomware is a lucrative business, and despite BlackCat’s degraded operations, the group may act out of desperation to maintain its criminal activities, funding its operations at the expense of society’s safety and peace.