Everything we know so far about the rumored ALPHV 'takedown'
Rumors attributing the ALPHV outage to a law enforcement operation remain unconfirmed


Speculation about a law enforcement takedown of the ALPHV ransomware group has been rampant in recent days after its data leak website was abruptly knocked offline.
The cause of the outage is not confirmed, and the site does have a history of periodic outages and disruption issues. However, the 30-hour downtime period represents one of the longest outages the site has suffered since being launched.
The group, often referred to as ALPHV/BlackCat, has listed over 650 companies on its data leak site since it was created in 2021.
On December 10, cyber intelligence specialist RedSense revealed that its chief research officer, Yelisey Bohuslavskiy, had received information from threat actors affiliated with ALPHV who indicated they were “convinced” the outage was related to law enforcement operations.
The firm added that Bohuslavskiy also received confirmation from the leadership of related groups such as Royal/BlackSuit, BlackBasta, LockBit, and Akira.
But at the time of writing no official law enforcement agency has released information claiming responsibility for the outage.
There are some signs the group’s site may be on its way back to functionality. At the time of writing, the group’s leak site appears to be coming back online, which tracks with the message received by RedSense from ALPHV’s admin stating “everything will work soon”.
Who are ALPHV/BlackCat?
First rising to prominence in 2021, ALPHV/BlackCat was one of the earliest ransomware groups to use the Rust programming language, which has since been adopted by a number of other threat actors such as the Hive group.
The programming language has grown in popularity due to its efficient memory management and anti-analysis properties that allow ransomware to evade detection by many anti-malware systems.
Notable victims of the ALPHV/BlackCat group include aviation services provider Swissport, video game giant Bandai Namco, and the Luxembourg energy company Encevo Group.
The group has been known to employ a ‘quadruple extortion’ method whereby it encrypts the victim’s data, threatens to release sensitive data, launches denial of service (DoS) attacks against the victim’s public domains, and harasses the victim by publicising the breach to its customers, media, and business partners.

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.