Open battle between FBI and ALPHV – BlackCat

B2B Cyber ​​Security ShortNews

Share post

The FBI continues to take action against the APT group ALPHV alias BlackCat. The FBI briefly blocked the group's leak page on the dark web. Now it's open again and ALPHV announces in Russian that 3.000 companies will never receive the keys to their ransomware.

There has never been a more open exchange of blows between the FBI and an APT group. The FBI published a statement saying that it had taken over various ALPHV servers and was now making a decryption tool available to 500 victims. “By dismantling the BlackCat ransomware group, the Department of Justice has hacked the hackers again,” said Assistant Attorney General Lisa O. Monaco.

The ALPHV leak page on the darknet was the first to be confiscated (Image: B2B-C-S).

🔎 The ALPHV leak page on the darknet was first confiscated by the FBI (Image: B2B-C-S).

“With a decryption tool that the FBI made available to hundreds of ransomware victims worldwide, businesses and schools were able to reopen and health and emergency services were able to come back online. We will continue to prioritize disruption and put victims at the heart of our strategy to disrupt the ecosystem that fuels cybercrime.”

ALPHV counters this with threats

On the Darknet, the FBI had marked the leak page with a note saying that the page had been “seized”. Just a few hours later, ALPHV had the upper hand on the site again and “hijacked” the site again. Apparently the FBI and APLHV have the necessary access keys for the site and cannot block each other.

But ALPHV was able to unblock the leak page and, in its own words, has it

🔎 But ALPHV was able to reactivate the leak page and, in its own words, “confiscated” it (Image: B2B-C-S).

On the unblocked page, ALPHV provides the address for a new leak site that the FBI would not have access to. The group also blatantly threatens in Russian that they now know how the FBI used to gain access. The declaration of war continues: “The maximum they (editor’s note “the FBI”) have are the keys from the last month and a half, that’s about 400 companies, but now more than 3.000 companies will never receive their keys.” The threat continues: “Because of your actions, we are introducing new rules, or rather, we are removing ALL rules…. Thank you for your experience, we will consider our mistakes and work even harder, we are waiting for your whining in chats and requests for discounts that no longer exist.”.

New leak site is online – but only 6 victims

The new leak page is now online, but it currently only shows 6 new victims of the ransomware group. The extent to which the entire ALPHV ecosystem was destroyed by the FBI is still unclear. But the FBI has already proven several times that it is not a toothless tiger. That's what happened dismantling the Ragnar Locker ransomware gangwhich  QBot or Qakbot network dissolved or last HIVE members arrested.

More at


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more