Security News > 2023 > December > How the FBI seized BlackCat (ALPHV) ransomware’s servers
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs.
"As a result, the FBI identified and collected 946 public/private key pairs for Tor sites that the Blackcat Ransomware Group used to host victim communication sites, leak sites, and affiliate panels like the ones described above."
While the FBI has not shared how they gained access to these Tor key pairs, it is likely through the same access they used to retrieve the decryption keys for the victim's encrypted files.
The FBI says they confirmed that these Tor keys are associated with the ransomware operation's data leak site, affiliate panel, and unique Tor negotiation sites given to victims in ransom notes.
The first was REvil, where the FBI gained access to the master decryption key for the Kaseya supply chain attack, and the second was a breach of the Hive ransomware operation, where the FBI obtained over 1,300 decryption keys.
FBI disrupts Blackcat ransomware operation, creates decryption tool.
News URL
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- FBI: Akira ransomware raked in $42 million from 250+ victims (source)
- Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (source)
- FBI takes down BreachForums ransomware website and Telegram channel (source)