FBI Takes Down BlackCat Ransomware, Release Free Decryption Tool

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S. Federal Bureau of Investigation (FBI) enlisted the help of a confidential human source (CHS) to act as an affiliate for the BlackCat and gain access to a web panel used for managing the gang's victims, in what's a case of hacking the hackers. BlackCat, also called ALPHV and Noberus, first emerged in December 2021 and has since gone on to be the second most prolific ransomware-as-a-service variant in the world after LockBit. It's also the first Rust-language-based ransomware strain spotted in the wild.

The development puts an end to speculation of a rumored law enforcement action after its dark web leak portal went offline on December 7, only to resurface five days later with just a single victim.

The FBI said it worked with dozens of victims in the U.S. to implement the decryptor, saving them from ransom demands totaling about $68 million and that it also gained insight into the ransomware's computer network, allowing it to collect 946 public/private key pairs used to host the TOR sites operated by the group and dismantle them. BlackCat, like several other ransomware gangs, uses a ransomware-as-a-service model involving a mix of core developers and affiliates, who rent out the payload and are responsible for identifying and attacking high-value victim institutions.

The Hacker News 12/19/2023