ALPHV/BlackCat Site Downed After Suspected Police Action
One of the most prolific ransomware-as-a-service (RaaS) groups operating today has suffered an online disruption that threat intelligence experts attribute to police action.
Cyber-threat intelligence firm RedSense said in a post on X (formerly Twitter) on Friday that it could "confirm" the leak site belonging to ALPHV (aka BlackCat) had been taken down by law enforcement.
However, it appears to be basing this judgement not on direct knowledge of any police action, but on intelligence gathered from the cybercrime community.
“RedSense chief research officer, Yelisey Bohuslavkiy, confirms that the threat actors, including #BlackCat’s affiliates and initial access brokers, are convinced that the shutdown was caused by a law enforcement action,” it noted.
“He specifies that other ransomware leadership from the top-tier groups directly related to #ALPHV also confirm this: specifically, admins and team leads of #Royal/#BlackSuit, #BlackBasta, #LockBit, and #Akira.”
However, the group itself has maintained that disruption to its public-facing leak site and payment infrastructure is simply down to unspecified “hosting” issues.
“The admin of AlphV did not provide a coherent explanation during the RedSense threat actor engagement, though it may be related to the admin denying the LE action due to reputation concerns,” RedSense tweeted. “The current status of the group is ‘Everything will work soon.’”
The BlackCat Brand is Finished
MalwareHunterTeam, which runs the ID Ransomware initiative, argued that even if the outage was not caused by law enforcement, the ALPHV/BlackCat brand is effectively “finished”: any serious affiliates or initial access brokers would likely part company with the group after such a lengthy service outage.
Threat intelligence firm ReliaQuest said any disruption at the RaaS group would have a knock-on effect across the ransomware ecosystem.
“This disruption would force affiliates to move on to other ransomware affiliate programs or develop their own,” it wrote in a short blog post.
“Previously, these types of law enforcement actions have resulted in affiliates spreading into new affiliate programs, bringing in experience from previous programs. For example, ALPHV themselves are believed to have been formed from previous affiliates of the ransomware groups DarkSide and BlackMatter.”
ALPHV made headlines recently when it, or an affiliate, reported one of its victims to the US Securities and Exchange Commission (SEC) for failing to disclose the breach, in a bid to pressure the victim into paying.
One of ALPHV’s most written-about affiliates is Scattered Spider, which has been tied to the MGM Resorts and Caesars Entertainment breaches.