The US Justice Department (DOJ) says the FBI has created a decryption tool that helped it return the data of over 500 ransomware victims as part of a multinational law enforcement push. It also wrote that the bureau had seized “several websites” operated by the ALPHV / Blackcat ransomware gang.
However, Bleeping Computer reports that by this afternoon, ALPHV / Blackcat claimed to have regained control of its site and that the FBI only had decryption keys for 400 or so companies, leaving more than 3,000 victims whose data remains encrypted. The gang also reportedly said that it was no longer restricting affiliates using its ransomware software from attacking critical infrastructure, including hospitals and nuclear power plants.
According to the DOJ, “Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world.” In its model, the gang is responsible for creating and updating the ransomware, while affiliates find targets and launch the attacks, and then they split the profits.
Over the summer, the gang also claimed credit for a Reddit hack, demanding $4.5 million to return the data, as well as for stealing data from games publisher Namco Bandai. Near the end of the summer, the gang claimed credit for shutting down several MGM Resorts casinos and hotels in Las Vegas, Nevada.