As the week started there was still no official confirmation from law enforcement that the notorious ALPHV/BlackCat site had been taken down.
Late last week, research teams and news organizations reported, and RedSense stated on Dec. 8, that authorities had shut down the ransomware group’s site, but without official confirmation from the FBI or other law enforcement sources this remains speculation.
SC Media’s efforts to obtain confirmation from the FBI were unsuccessful.
A post on X by vx-underground on Dec. 10 said that a dozen more people had asked about ALPHV and the sudden outage of its website. The vx-underground post stated that they had not heard any rumors that the group had been arrested, nor any rumor that their servers would be seized.
“The only mentions of these rumors are from other people asking us about these rumors,” said vx-underground. “We cannot comment on the legitimacy of these claims because we have no way to substantiate them. ALPHV informed us they are experiencing hardware failure on their server. This is the second or third time this has happened to the best of our knowledge. It is our opinion that ALPHV is indeed experiencing issues with their hosting provider. But this is just an opinion and we have been wrong many times.”
In a Dec. 8 blog post, ReliaQuest said the cause of the ALPHV/BlackCat outage is still unclear: it could be a technical hosting problem on the part of ALPHV’s operators or the result of possible law enforcement action.
Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, said the biggest impact of a potential permanent removal of ALPHV is likely a significant short-term disruption to ransomware globally. ALPHV has become well-known as one of the more prominent ransomware groups in operation, tracked by ReliaQuest as the third most active in Q3 2023.
“The removal of this organization from the ransomware landscape will undoubtedly leave a vacuum, and its operators and affiliates will likely turn to other ransomware teams or form new teams,” Morgan said. “Unfortunately, this is not an unusual end result after a law enforcement operation, reflecting the existing game of Whack-A-Mole in law enforcement that seeks to have a significant effect against this pernicious form of cybercrime.”
Craig Harber, security evangelist at Open Systems, said that if the leak site is taken down, it would be only an inconvenience to the ALPHV/BlackCat group. Harber said they would simply set up on a new set of servers and continue operations.
“From the victim’s perspective, there are few advantages to cutting off the data leak site unless the keys used to encrypt the victim’s data are recovered,” Harber said. “Even if the victim’s data is recovered, it is highly likely that copies of that data will still be in the hands of the hacker organization. In addition, there could be an unintended consequence in disrupting communications between the hacker organization and its victims. If victims use the site to speak with the hacker organization, their recovery is delayed until they identify a new channel of communication.”
Andrew Barratt, vice president at Coalfire, said it’s tricky because we only have rumors and speculation. Barratt said the FBI and CISA have been working for some time on dismantling “Scattered Spider,” a well-known affiliate of ALPHV/BlackCat, so it is conceivable that the police work would be successful.
“Threat intelligence firm RedSense claims, without foundation, that the site was taken down by law enforcement,” Barratt said. “With the conflicting rumors about ‘maintenance’ windows, it’s probably worth seeking out reports from the FBI, CISA, and foreign partners to confirm that this is indeed their work.”
Simon Hendery, December 11, 2023