On December 19, 2023, the Justice Department (“DOJ”) announced a disruption campaign against the Blackcat ransomware group. In the same press release, the DOJ also stated that the Federal Bureau of Investigation (“FBI”) had developed a decryption tool to combat ALPHV/Blackcat’s ransomware variant. Over the last couple of years, Blackcat’s ransomware has risen in popularity and become one of the most prevalent in the world. Since its emergence, the group has targeted more than 1,000 networks in a wide range of industries, including those that support critical infrastructure. The group has been known to exfiltrate its victims’ sensitive data, encrypt their systems, and seek ransom payments in exchange for providing decryption keys and promising not to publish the stolen data. If payment is refused, Blackcat has been known to post the stolen data on its leak website.
The decryption tool has allowed the FBI to work with hundreds of impacted victims to restore their systems without making a ransom payment. The FBI estimates the tool has saved victims nearly $70 million. The DOJ press release also disclosed that the FBI gained visibility into Blackcat’s computer network and seized several Blackcat-operated websites. The announcement highlights the DOJ’s focus on targeting cybercriminals and its ability to disrupt even the most sophisticated ransomware groups. It also underscores the importance for companies of maintaining close working relationships with the FBI.