The United States Department of Justice (DOJ) today announced the successful disruption of a prolific cybercriminal operation: the ALPHV/Blackcat ransomware variant. This sophisticated malware has plagued individuals and organizations worldwide for the past year, encrypting crucial data and demanding exorbitant ransoms.

Over the past 18 months, ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransom paid by victims around the world.

The FBI developed a decryption tool that allowed FBI field offices across the country and law enforcement partners around the world to offer over 500 affected victims the capability to restore their systems. To date, the FBI has worked with dozens of victims in the United States and internationally to implement this solution, saving multiple victims from ransom demands totaling approximately $68 million.

As detailed in a search warrant unsealed today in the Southern District of Florida, the FBI has also gained visibility into the Blackcat ransomware group’s computer network as part of the investigation and has seized several websites that the group operated.

“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa O. Monaco. “With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”

The FBI Miami Field Office is leading the investigation.