Ransomware

ALPHV/BlackCat dismantles operations with fake FBI takedown

BleepingComputer reports that the ALPHV/BlackCat ransomware gang has finalized the exit scam operation it began on Friday with the sale of its malware source code for $5 million and the posting of a fake FBI server seizure banner, as the group sought to pin its takedown on law enforcement efforts.

Further examination of the seizure banner leveraged by ALPHV/BlackCat revealed that it had been sourced from an archive, with ransomware expert Fabian Wosar saying that the notice had been taken from a former leak site and displayed using a Python HTTP server. While the FBI has yet to comment on the ALPHV/BlackCat shutdown, both Europol and the UK's National Crime Agency, which were also named in the fraudulent notice, were noted by Wosar to have denied a role in such an operation. Such a development comes after ALPHV/BlackCat had been accused by a long-time affiliate "Notchy" of stealing the $22 million ransom allegedly paid by Optum for the attack against fellow UnitedHealth subsidiary Change Healthcare.
