The U.S. Federal Bureau of Investigation (FBI) said today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and open season on everything from hospitals to nuclear power plants.

https://krebsonsecurity.com/2023/12/blackcat-ransomware-raises-ante-after-fbi-disruption/

[Santa hat edits from @nixonnixoff]

@briankrebs @nixonnixoff That backfired spectacularly

@mortentoudahl @briankrebs it's typical bravado from cybercriminals to make threats to save face, and very unlikely to result in any landscape shift whatsoever for defenders.

The only material change I see happening is that someone in the FBI can use this to justify increasing their budget to go after these guys harder.

@nixonnixoff @briankrebs I don't know anything about this area of IT.
Are you saying that the 3000 victims they claim will remain encrypted (most likely) do not exist?

@mortentoudahl @briankrebs I didn't consider the possibility that they don't exist, but yeah, alphv could be lying too.

3k victims losing their keys is unfortunate, but they were never going to get them without paying the ransomware actor, and they already haven't paid for months.

When the only choice is between two bad situations due to extortion, you always pick the choice where the extortionist doesn't get paid. No matter how much the other option hurts. Taking down that org is more important.

@briankrebs @nixonnixoff Russian power plants are all in range of JASSM from Ukraine (90% of them), and not even JASSM-ER. So those ransom clowns should reconsider