ALPHV/BlackCat dismantles operations with fake FBI takedown

BleepingComputer reports that the ALPHV/BlackCat ransomware gang has finalized the exit scam operation it began on Friday with the sale of their malware source code for $5 million and the posting of a fake server seizure banner notification from the FBI as the group sought to pin its takedown to law enforcement efforts.

Further examination of the seizure banner leveraged by ALPHV/BlackCat revealed that it had been sourced from an archive, with ransomware expert Fabian Wosar saying that the notice had been taken from a former leak site and displayed using a Python HTTP server. While the FBI has yet to comment on the ALPHV/BlackCat shutdown, both Europol and the UK's National Crime Agency, which were also named in the fraudulent notice, were noted by Wosar to have denied a role in such an operation. Such a development comes after ALPHV/BlackCat had been accused by a long-time affiliate "Notchy" of stealing the $22 million ransom allegedly paid by Optum for the attack against fellow UnitedHealth subsidiary Change Healthcare.