Everything we know so far about the rumored ALPHV 'takedown'

Ransomware mockup of a red neon motherboard with a floating triangular warning sign denoting danger

(Image credit: Getty Images)

Speculation about a law enforcement takedown of the ALPHV ransomware group has been rampant in recent days after its data leak website was abruptly knocked offline.

The cause of the outage is not confirmed, and the site does have a history of periodic outages and disruption issues. However, the 30-hour downtime period represents one of the longest outages the site has suffered since being launched.

The group, often referred to as ALPHV/BlackCat, has listed over 650 companies on its data leak site since it was created in 2021.

On December 10, cyber intelligence specialist RedSense revealed its chief research officer Yelisey Bohuslavkiy received information from threat actors affiliated with ALPHV who indicated they were “convinced” the outage was related to law enforcement operations.

A black and white hand holding a drawing of a white, square-handled key. Instead of teeth, the key has the number "10110" representing binary code and encryption. The hand and key are set against a solid blue background. — (Image credit: Getty Images)

Ransomware is driving up UK inflation The end of ransomware payments: How businesses fit into the fight LockBit remains most dangerous ransomware despite fall in attacks

The firm added Bohuslavkiy also received confirmation from the leadership of related groups such as Royal/BlackSuit, BlackBasta, LockBit, and Akira.

But at the time of writing no official law enforcement agency has released information claiming responsibility for the outage.

There are some signs the group’s site may be on its way back to functionality. At the time of writing, the group’s leak site appears to be coming back online, which tracks with the message received by RedSense from ALPHV’s admin stating “everything will work soon”.

Who are ALPHV/BlackCat?

First rising to prominence in 2021, ALPHV/BlackCat were one of the earliest ransomware groups to use the Rust programming language, which has since been adopted by a number of other threat actors such as Hive group.

RELATED RESOURCE

Safeguarding your data in a work-from-anywhere world whitepaper — (Image credit: Zscaler)

Find out why cloud transformation requires you to rethink data protection

DOWNLOAD NOW

The programming language has grown in popularity due to its efficient memory management and anti-analysis properties that allow ransomware to evade detection from many anti-malware systems.

Notable victims of the ALPHV/BlackCat group include aviation services provider Swissport, video game giant Bandai Namco, and the Luxembourg energy company Encevo Group.

The group has been known to employ a ‘quadruple extortion’ method whereby they encrypt the victims data, threaten to release sensitive data, launch denial of service (DoS) attacks against the victim’s public domains, and harass the victim by publicising the breach to its customers, media, and business partners.

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.