December 11, 2023 at 05:54AM
The BlackCat/Alphv ransomware group’s leak website has been offline for days and is believed to have been taken down by law enforcement. RedSense reports confirmation by BlackCat’s affiliates and other top-tier groups. The cybercriminals expect a restoration soon, with limited impact on their operation. BlackCat was active and had listed major victims before the takedown.
Key Takeaways:
1. The official leak website of the BlackCat/Alphv ransomware group has been offline for several days, with law enforcement suspected to be behind the takedown.
2. The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7, and reports from threat intelligence company RedSense attribute the takedown to law enforcement action.
3. BlackCat’s affiliates and other ransomware leadership groups appear to confirm law enforcement’s involvement in the shutdown.
4. Cybercriminals expect their operations to be restored soon, implying limited impact on their infrastructure.
5. The BlackCat website downtime has lasted for four days, marking one of the longest outages for the group.
6. Despite the shutdown, no law enforcement agency has issued a public statement regarding the operation targeting BlackCat.
7. BlackCat’s operators, reportedly Russian speakers, emerged in late 2021 as a ransomware-as-a-service enterprise, with affiliates receiving substantial ransom payments in return for their services.
8. Significant victims of BlackCat ransomware have been listed, including Reddit, Western Digital, Swissport, MGM Resorts, and NCR.
These points suggest that the takedown is a significant event for the BlackCat ransomware operation, with potentially far-reaching implications for its criminal activities and affiliated groups.