In a very interesting article, the group behind the BlackCat ransomware wants to raise the ante after being infiltrated and disrupted recently.
The article comes from our good friend Brian Krebs and is worth the read.
The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who continue to work with the crime group, and open season on everything from hospitals to nuclear power plants.
Whispers of a possible law enforcement action against BlackCat came in the first week of December, after the ransomware group’s darknet site went offline and remained unavailable for roughly five days. BlackCat eventually managed to bring its site back online, blaming the outage on equipment malfunctions.
The link leads to a post on Twitter, now known as X.
Don’t let that type of thing fool you. I was told that when things happened to me in 2008, when we covered a hacker who actually targeted me and others and did things when they didn’t get their way. That story remains in the archives, though, and it is completely different from this.
“With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online,” Deputy Attorney General Lisa O. Monaco said. “We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.”
We know that BlackCat was started after REvil, BlackMatter and DarkSide were all shuttered. Links to coverage of these groups are given in Brian’s article and won’t be repeated here. We know that DarkSide was responsible for one of the biggest disruptions of our time to date, the Colonial Pipeline attack. This is also linked within Brian’s article.
For those who are unfamiliar with this attack, it led to fuel shortages and rising gas prices, as Colonial Pipeline had to temporarily shut down operations during its investigation of the attack.
While the shutdown lasted only a few days, places across the East Coast of the United States felt the effects of the attack for some time.
The article continues:
Like many other ransomware operations, BlackCat operates under the “ransomware-as-a-service” model, where teams of developers maintain and update the ransomware code, as well as all of its supporting infrastructure. Affiliates are incentivized to attack high-value targets because they generally reap 60-80 percent of any payouts, with the remainder going to the crooks running the ransomware operation.
While the FBI seized control, the group put up a message from their point of view, and we believe that it is still that way now.
The article goes on.
BlackCat claimed that the FBI’s operation only touched a portion of its operations, and that as a result of the FBI’s actions an additional 3,000 victims will no longer have the option of receiving decryption keys. The group also said it was formally removing any restrictions or discouragement against targeting hospitals or other critical infrastructure.
This means that they’ll be more disruptive than they already are, and I doubt that they followed the “no attack of critical infrastructure” rule (quoted phrase) as they claim.
Now, their only rule is not to attack Russia or the Commonwealth (linked), but all bets are off otherwise. This means that they’ll become more dangerous, and if I read this right, they’ll be more aggressive and ask for bigger payouts come the new year.
Just a note: we’ll talk about what might be seen in the new year, so this article is definitely timely because the group is making its efforts known.
Maybe by publishing this article, talking about it and putting it in the spotlight as we’re doing now, we’ll tell people about this so they don’t fall victim.
Our partner VirusTotal can help you if whatever you have on your machine doesn’t pick up files you receive as email attachments, and it can definitely be used to check these dodgy sites.
To add insult to injury:
The crime group also said it was setting affiliate commissions at 90 percent, presumably to attract interest from potential affiliates who might otherwise be spooked by the FBI’s recent infiltration. BlackCat also promised that all “advertisers” under this new scheme would manage their affiliate accounts from data centers that are completely isolated from each other.
While the darknet site is currently showing the seizure notice, both the FBI and BlackCat have the keys, according to BleepingComputer. Whoever puts it up first takes control.
If you have information, Brian says you can get up to a hefty $10 million reward through the Department of Justice. Links are provided in the story.
If you wish to read the entire story, please read the article BlackCat Ransomware Raises Ante After FBI Disruption, and let’s be aware of the fact that the threat to us is now just as great as ever.
Remember! I was sent three emails to an address that is not too public, but was found on Have I Been Pwned.
Two of them were to one of the nastiest ransomware strains out there, and VirusTotal was there to assist me.
While I have Malwarebytes, no program is going to be 100 percent effective. Human intervention is also key to making sure that you’re as secure as humanly possible. If you save a file, run it through Malwarebytes, Windows Defender or another program of your choice, and you’re not getting anything back, run it through VirusTotal.
As discussed in the podcast about VirusTotal, it uses different engines, at least 90 different products, in an online environment. The more of them that pick up the file, the more it’ll scream at you that something is wrong and you should not run it. No, it doesn’t literally scream, but it will say, as an example, 28 out of 90 versus 1 or 2 out of 45, 50 or 90.
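As an added example (not code from this blog or from VirusTotal), here is how that "28 out of 90 versus 1 or 2 out of 90" reasoning looks in practice: hash the saved attachment locally, then read a file report laid out like VirusTotal's API v3 file object (data.attributes.last_analysis_stats and last_analysis_results, an assumption about the shape) and turn the detection count into a verdict. The report numbers and engine names are constructed for the example.

```python
"""Interpret a VirusTotal-style file report: count how many engines flag the
file and treat broad agreement as a red flag, a lone hit as 'verify first'."""
import hashlib
import json

# Constructed sample shaped like a VirusTotal API v3 "files" object; the
# counts and engine names are made up for this example, not a real report.
SAMPLE_REPORT = json.dumps({
    "data": {
        "id": "placeholder-sha256",
        "attributes": {
            "last_analysis_stats": {
                "malicious": 28, "suspicious": 2, "undetected": 58,
                "harmless": 0, "timeout": 1, "failure": 1,
                "type-unsupported": 0, "confirmed-timeout": 0,
            },
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "Ransom.Generic"},
                "EngineB": {"category": "malicious", "result": "Trojan.Agent"},
                "EngineC": {"category": "undetected", "result": None},
            },
        }
    }
})

def sha256_of(data: bytes) -> str:
    """Hash the saved attachment locally; the service looks files up by hash."""
    return hashlib.sha256(data).hexdigest()

def assess(report_json: str, flag_threshold: float = 0.10):
    """Return (verdict, detections, engines_that_answered, flagging_engines).
    Engines that timed out, failed or don't support the file type are left out
    of the denominator so '28 out of 90' compares like with like."""
    attrs = json.loads(report_json)["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    detections = stats.get("malicious", 0) + stats.get("suspicious", 0)
    answered = detections + stats.get("undetected", 0) + stats.get("harmless", 0)
    names = sorted(e for e, r in attrs.get("last_analysis_results", {}).items()
                   if r.get("category") in ("malicious", "suspicious"))
    if answered == 0:
        verdict = "unknown"        # nobody scanned it: no evidence either way
    elif detections / answered >= flag_threshold:
        verdict = "do not run"     # many vendors agree: do not open it
    elif detections > 0:
        verdict = "caution"        # 1 or 2 hits may be a false positive; verify
    else:
        verdict = "no detections"
    return verdict, detections, answered, names

if __name__ == "__main__":
    print(sha256_of(b"constructed attachment bytes"))
    print(assess(SAMPLE_REPORT))
```

A low detection count is not proof of safety; it only means the file is not widely recognised yet, which is exactly the case for a fresh ransomware sample.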
The above are just examples, and I think we’ve covered this article quite well in this blog post.
Please feel free to give it a look, and remember: while we’re in a bit of a respite now, it’ll be in full force again after the new year.
Keep safe, we’ll have more soon.