Security News > 2023 > December > FBI disrupts Blackcat ransomware operation, creates decryption tool
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys.
With this access, the FBI silently monitored the ransomware operation for months, siphoning decryption keys and sharing them with over 500 victims so that they did not have to pay a ransom for a decryptor.
"The FBI developed a decryption tool that allowed FBI field offices across the country and law enforcement partners around the world to offer over 500 affected victims the capability to restore their systems," announced the Department of Justice.
The FBI has seized the website URL for the ransomware operation's data leak site, which now displays a seizure message stating that it was seized in an international law enforcement operation.
The LockBit ransomware operation has also seen this disruption as an early holiday gift, telling affiliates they can move to his operation to continue negotiating with victims.
The ransomware operation later returned as BlackMatter on July 31st but, once again, shut down in November 2021 after Emsisoft exploited a weakness to create a decryptor and servers were seized.