Rewterz Threat Alert – Cloud Atlas Targets Russian Agro and Research Organizations with Spear-Phishing – Active IOCs
December 26, 2023
Rewterz Threat Advisory – CVE-2023-42940 – Apple macOS Sonoma Vulnerability
December 26, 2023
December 26, 2023
Severity
High
Analysis Summary
BlackCat/ALPHV ransomware operators recently claimed on their main blog that their operations have been restarted, despite the Department of Justice's statement that it had taken control of the site. The gang also stated that, in retaliation for law enforcement's actions against them, they will now drop their previous ban on cyberattacks against critical infrastructure.
The ransomware leaders also claimed that, besides "unseizing" the websites, the decryption key offered by the FBI comes from an older blog and is now outdated. However, security experts doubt that BlackCat can come back so quickly, because one thing is clear: the data and server have indeed been seized by the FBI. In simpler terms, the FBI and other law enforcement organizations successfully seized control of a data repository and also took control of the ALPHV website that the gang used to run its ransomware-as-a-service (RaaS) operations.
The gang responded by setting up a new server and applying their security key to it, making it their new site. However, the FBI is capable of reverting the new site to the old one that is already under its control, and the cycle will continue. At the same time, a new threat emerges: fresh cyberattacks on critical infrastructure, as BlackCat lifts the ban on its affiliates in retaliation.
Given ALPHV's new stance, the likelihood of an increase in cyberattacks on critical infrastructure is very high. Organizations operating critical infrastructure should be extremely cautious, because these developments may revive a dormant phase in cybercriminal tactics in which critical infrastructure is considered fair game.
The ransomware group's operations are degraded, but it may act out of desperation to maintain its status and image as a safe platform for threat actors to use for their malicious activities. Ransomware is a profitable business, and BlackCat does not appear ready to back down. In the short time it has been active, the gang was able to collect $300 million to fund its operations, and that is something it will fight for at the expense of the peace and safety of society.
Impact
- Financial Loss
- Operational Disruption
Remediation
- Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Keep your software up to date. Software updates often include security patches that can help to protect your systems from known vulnerabilities.
- Use strong passwords and multi-factor authentication. This will make it more difficult for attackers to gain access to your systems.
- Back up your data regularly. This will help you recover if your systems are encrypted by ransomware.
- Deploy robust endpoint security solutions, including antivirus, anti-malware, and intrusion detection systems, to detect and prevent threats like BlackCat ransomware.
- Immediately disconnect or isolate the compromised systems from the network to prevent the malware from spreading further. This may involve shutting down affected servers or segments of the network.
- Conduct a thorough investigation to determine the extent of the breach, including identifying which systems and data were compromised.
- Develop a long-term cybersecurity strategy to prevent future incidents, including investing in advanced threat detection and response capabilities.