BlackCat Ransomware Group Got Busted
BlackCat’s (ALPHV) website displayed the message “This Website Has Been Seized,” followed by the mention that the operation was conducted by the FBI. This suggests that the FBI has cracked down on the BlackCat group, but has it?
- BlackCat is a well-known name in the ransomware sphere with notable hacking operations, including a massive one against Reddit in 2023
- The group has been on the FBI’s wanted list ever since its inception in mid-November of 2021
- BlackCat has constantly evolved its systems and tools, which culminated with the release of the Sphinx variant in February of 2023
- A May 2023 report indicated that BlackCat was responsible for at least 350 victims worldwide
BlackCat is considered one of the most influential, dangerous, and resourceful ransomware operators in the world, on par with Lockbit and the defunct Hive. The organization has conducted major ransomware breaches during its lifespan.
Aside from the Reddit operation, BlackCat is also responsible for the attacks against MGM and Caesars, the largest casinos and gaming companies in New York. As a result of the attack, Caesars paid the $15 million ransom, while MGM did not.
Because of it, MGM had to shut down its systems for several weeks, most likely incurring significant financial losses.
This showcased BlackCat’s potential and strength and explains why the FBI was so invested in its downfall. But why was BlackCat so effective at securing high ransom payments when other ransomware actors struggle to get paid?
The FBI pointed out 2 major reasons for that:
- The group’s outstanding ransomware proficiency
- Their willingness to lower the ransom
These 2 reasons are enough for the victims to feel compelled to pay. They could also handle the problem themselves and ignore negotiations. But, as the MGM case proved, that could be very costly as well.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
What Really Happened with BlackCat?
If you didn’t keep track of the news recently, you may not know that the FBI operation that clamped down on BlackCat actually took place on December 19 of last year. So, why is this newsworthy now?
The main reason is that the FBI announced in February of this year that they are offering a substantial monetary reward in exchange of information about BlackCat leaders. We’re talking about $10 million.
Needless to say, this has sparked quite an interest in the ransomware sphere, and the feds are counting on it. The hope is that someone will eventually take on the offer, whether it’s an insider or someone working for the competition.
Then there’s the theory that BlackCat’s downfall may not be the result of any FBI operation. It may not have even happened. Instead, the organization itself may have posted the so-called “evidence” of their seizure to throw people off track.
This isn’t a novel strategy. Many suggest that that’s exactly what Lockbit did when the group’s website displayed the same message not long ago. Only for Lockbit to emerge perfectly fine several days later and strike at the FBI’s website itself.
As of now, BlackCat has ceased its activity, so it’s uncertain where things will go from here.