On March 5, 2024, ALPHV/BlackCat ransomware claimed its shutdown, “due to the FBI takeover”. Despite the actions from law enforcement really happening to this gang before, there are quite a few signs of this being a false claim. Analysts suppose that ALPHV admins are just trying to pull an exit scam.
ALPHV/BlackCat Ransomware Shuts Down
The story of ALPHV self-shutdown in fact unfolds
On Monday, March 4, 2024, negotiation sites of the gang went offline, meaning this is not just a coincidence. Lastly, all the pages associated with the cybercrime group were defaced with the FBI banner. Though, the latter appears to be just a save from their real takedown, that is now added using a Python server.
And well, why can’t this be a real FBI takedown? Especially considering that feds already did it earlier – this ended up in a rather laughable manner. It is not an unusual practice for law enforcement to pay another visit, especially when we talk about a renowned group of thugs like ALPHV is. But researchers say that NCA, one of the key anti-cybercrime authorities in Europe, deny their responsibility for the recent events around BlackCat.
Two other signs potentially indicate that ALPHV is going out of business. Their admin offers ransomware source code for sale for a hefty $5 million, and the group’s Tox chat has its status changed to “GG”. And well, both of them do not necessarily mean a shutdown, but this is a rather unusual behavior for this ransomware gang. This looks especially fishy considering slug-in-salt excuses coming from their administrators.
Is it the end of BlackCat?
Yes, BlackCat is most likely done at this point. Regardless of whose story is true, it will be rather hard to explain the comeback. Though, the FBI story is the least likely to be true, meaning that threat actors are not detained. Which eventually gives ALPHV the chance for return, just in a different form.
It is a pretty common thing for ransomware gangs to morph into a different group after the dissemination of the original one. Either we will see the breakup of this large group on a selection of smaller ones, or its reborn with a different name, but carbon copied essence. This, or the members will find themselves in a different ransomware group – experienced employees are of a high value in the cybercrime world, too.
What is ALPHV/BlackCat?
BlackCat a.k.a ALPHV is a ransomware group that appeared back in 2021. It primarily targets corporations, encrypting and stealing data from both Linux and Windows systems. Vast networks of affiliates, along with a rather daring selection of targets quickly propelled this ransomware to the top of the charts.
Targeting of large companies, along with asking for large sums of money inevitably made ALPHV a wanted target for law enforcement. Back in December 2023, a significant portion of its Darknet sites suffered an attack from the FBI, which was nonetheless reverted. And since then, the cybercrime group did not show any sign of problems – until these days.