ALPHV ransomware site outage rumored to be caused by law enforcement


ALPHV/BlackCat ransomware gang

A law enforcement operation is reported to be behind an outage affecting the ALPHV ransomware gang's websites over the last 30 hours.

The ALPHV (aka BlackCat) negotiation and data leak sites suddenly became unavailable yesterday and continue to remain down today.

BleepingComputer has also confirmed that the unique Tor negotiation URLs shared with victims in ransom notes are also down, indicating a disruption to the ransomware gang's public-facing infrastructure and a halt to ongoing negotiations.

ALPHV data leak site not operational
Source: BleepingComputer

When questioned yesterday about the disruption, the Admin for ALPHV told BleepingComputer that the sites may be back online soon.

That was 20 hours ago, and the sites continue to remain down at this time.

The Tox status for the Admin claims that the operation is repairing their servers, but they have not answered questions about what happened.

Admin showing "Repair" as their Tox status
Source: BleepingComputer

However, BleepingComputer suspects that the ransomware gang may have suffered potential law enforcement action after their recent activities, which was also hinted at by others.

"Hearing wild (and strong) rumours that ALPHV/Blackcat has been paid a visit by the FBI," reads a tweet by someone named Evangelos G.

Evangelos tweet

While it has not been confirmed whether the FBI or any other law enforcement agency breached ALPHV's servers, similar law enforcement operations have occurred in the past.

For example, when the FBI breached REvil's servers, they obtained the decryption keys for the victims of the Kaseya ransomware attack.

Similarly, the FBI hacked Hive's infrastructure, secretly obtaining decryption keys and disseminating them to victims.

BleepingComputer contacted the FBI about the ALPHV website disruption, but a response was not immediately available.

A rebrand in the making

The ALPHV/BlackCat ransomware operation is believed to be a rebrand of the DarkSide gang. The operation launched in 2020 and quickly rose to prominence over the next year.

However, after attacking the Colonial Pipeline, the ransomware gang faced intense scrutiny by the US government and international law enforcement, ultimately leading to the seizure of their infrastructure and the operation shutting down.

Only a few months later, the ransomware gang returned, this time under the name BlackMatter. However, the managers of this operation claimed in an interview that they were affiliates of the DarkSide operation and not the original leaders.

Only a short four months later, BlackMatter shut down its operation in November 2021 after claiming to be under pressure from law enforcement.

In February 2022, the ransomware gang returned again, this time under the name ALPHV, also known as BlackCat, after an image used on their Tor negotiation sites.

While this rebrand started out like most ransomware gangs, targeting companies in extortion attacks worldwide, they have expanded their operations by partnering with English-speaking affiliates and targeting critical infrastructure, such as hospitals and water suppliers.

Due to this, it was only a matter of time until they again felt the scrutiny of law enforcement, whether it be this disruption or a future one.