Although the main dark web domain of the ALPHV ransomware gang has been seized, its leak blog remains online.
The official website of the notorious ALPHV (aka BlackCat) ransomware gang has been seized by law enforcement authorities, including the FBI, the US Department of Justice, and several European agencies coordinated through Europol.
The latest development should not come as a surprise: a few days ago the ALPHV infrastructure went offline amid rumours that it had been taken down by law enforcement. The gang categorically denied those claims; today's seizure confirms them.
As seen by Hackread.com, the homepage of the ALPHV ransomware website was defaced with a banner announcing the seizure. However, the leak blog on which the gang advertised its victims is still online, and no seizure notice was visible there at the time of writing.
“This website has been seized – The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.
This action has been taken in coordination with the United States Attorney’s Office for the Southern District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance from Europol and Zentrale Kriminalinspektion Göttingen.
If you have information about Blackcat, their affiliates, or activities, you may be eligible for a reward through the Department of State’s Rewards for Justice program.”
ALPHV ransomware has targeted organizations across a wide range of industries, including critical infrastructure, finance, education, and manufacturing, although the exact number of victims and the full extent of the damage remain unknown. The gang's known victims include MGM Resorts, NCR Data Center, Amazon's Ring, and several others, among them the following:
- Seiko
- Motel One
- Swissport
- Western Digital
- NCAT State University
- NJVC (US defence contractor)
- Bet9ja (Nigerian betting platform)
- SOLAR INDUSTRIES INDIA (industrial explosives manufacturer)
- Creos Luxembourg S.A. (gas pipeline and electricity network operator)
So What Now?
Although the FBI has not yet officially announced the seizure, it appears that no arrests were made and only the domain was taken offline. In a tweet, the online malware repository vx-underground said it had been contacted by the gang's team, which claimed to have already moved its server to a new domain.
Random Facts About ALPHV ransomware
- Emerged in December 2021: The group, relatively new at the time, quickly gained notoriety for its sophisticated tactics and aggressive targeting.
- BlackCat alias: ALPHV is also known as BlackCat, often used interchangeably.
- Targets: Primarily attacks high-profile organizations across various sectors like finance, healthcare, critical infrastructure, and manufacturing.
- Tactics: Employs double extortion tactics, stealing victim data before encrypting it, and threatening to leak it if ransom demands are not met.
- Technical sophistication: Known for strong encryption and for evasion techniques designed to avoid detection; the ransomware is also notable for being written in Rust.
As of now, attributing ALPHV to a specific group or country with certainty is difficult, given the nature of cybercrime and the group's efforts to remain anonymous. This article will be updated as additional information becomes available, so keep visiting Hackread.com.