Successful Takedown of BlackCat Ransomware Gang

What Happened

On December 19th, the US government revealed the successful disruption of the notorious BlackCat ransomware-as-a-service operation. The US Justice Department, in collaboration with other US authorities and international authorities, conducted website takedowns. Moreover, the FBI released a decryption tool. This tool has assisted numerous organisations globally in recovering hijacked data.

As a result of the takedown, the following message is displayed on the gang’s dark web leak site:

Image Credits: TechCrunch (screenshot)

The FBI decryptor, employed by dozens of victims, prevented ransom payments amounting to approximately $68 million. As a result, businesses, schools, healthcare, and emergency services swiftly resumed operations.

The US Justice Department emphasised its commitment to prioritising disruptions and placing victims at the core of its strategy against the cybercrime group. The department also acknowledged the international contributions of Europol, as well as the authorities from Germany, Denmark, Australia, the UK, Spain, Switzerland, and Austria.

Please see the CISA advisory for detailed information about known Blackcat affiliates’ tactics, techniques, and procedures (TTPs) as well as indicators of compromise (IOCs) identified through the investigations.

About BlackCat

The BlackCat ransomware gang, also known as ALPHV or Noberus, has gained notoriety for its participation in prominent ransomware attacks. The cybercrime group is known for using aggressive tactics, such as double extortion and operating a public data leak site. They have targeted a range of entities worldwide, including government facilities, emergency services, defence industrial base companies, and healthcare facilities.

According to the agency, BlackCat/ALPHV has become the second most active variant of ransomware-as-a-service globally over the past 18 months. This is based on the hundreds of millions of dollars that victims worldwide have paid in ransom.

BlackCat’s links to other ransomware groups, such as DarkSide and BlackMatter, underscore its extensive networks and experience in ransomware operations.

Please refer to our news for information on recent BlackCat attacks.

Closing Comments

Recent successful operations against cybercrime groups are encouraging signs. For instance, the dismantling of Ragnar Locker and the arrest of leaders and accomplices of a ransomware group in Ukraine are notable examples. The availability of decryption keys aids victims in data recovery, reinforcing the collaborative efforts between organisations and law enforcement agencies against ransomware.

While these victories are commendable, it’s crucial to acknowledge the persistent threat of cybercriminals who will adapt and find new methods. Organisations must maintain constant vigilance in the ongoing battle against evolving ransomware.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.