The darknet website of the AlphV/Blackcat ransomware gang was replaced by a splashpage on Tuesday announcing it had been seized by the FBI.
Details of the operation are not yet public.
The takedown follows more than a week of speculation regarding potential law enforcement action after the criminals’ site became inaccessible earlier this month. Although the site subsequently came back online, it was stripped of all references to victims that the criminals had published as part of their extortion efforts.
The ransomware group is notorious for the scale and impact of its attacks, which in the past two months alone have hit victims including the healthcare manufacturer Henry Schein, Fidelity National Financial, and the Japanese watchmaker Seiko.
In an unusual incident in November, the gang also reported one of its victims to the U.S. Securities and Exchange Commission in a bid to increase the pressure on financial software company MeridianLink to make an extortion payment.
The seizure notice states: “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.”
Logos included on the notice credit the involvement of around a dozen agencies, including the U.S. Department of Justice, the U.S. Secret Service, Europol, and the German Federal Criminal Police Office. The notice particularly credits Europol and the Zentrale Kriminalinspektion Göttingen as having provided “substantial assistance.”
The national police forces of Australia, Spain and Estonia are also featured on the splash page, as are Austria’s Directorate of State Security and Intelligence, the United Kingdom’s National Crime Agency, and the Eastern Region Special Operations Unit of Britain’s regional organized crime units.
Also included on the splashpage was the logo of the U.S. Rewards for Justice Program, which offers to pay individuals who provide information to the U.S. that helps protect the country’s national security. It appears to be the first time the program’s logo has been featured on such a splashpage — although the program is regularly cited by law enforcement tackling ransomware gangs.
The program has for some time listed several Russian military intelligence officers among its targets, and recently celebrated the takedown against the Hive ransomware group by tweeting it was prepared to pay up to $10 million for information about it and similar organizations — although the program logo was not included on the splashpage that replaced the Hive gang’s website.
Earlier this year, the Russian telecommunications regulator Roskomnadzor blocked access to the U.S. State Department’s Rewards for Justice website, alongside the sites for the Central Intelligence Agency and the Federal Bureau of Investigation.