Feds post $15 million bounty for info on ALPHV/Blackcat ransomware crew
2024-02-19 01:29

The Department of State announced last week that it was offering $10 million for information identifying key leaders in the ALPHV ransomware gang or their locations, and $5 million for information leading to the arrest or conviction of anyone "participating in or conspiring or attempting" to use the gang's notorious ransomware.

ALPHV has made a habit of going after critical infrastructure targets, and last week claimed responsibility for an attack on the operator of the Canadian Trans-Northern Pipelines, allegedly stealing around 190GB of data.

Trans-Northern is the fourth critical infrastructure operator that ALPHV claims to have attacked in recent months.

Experts even speculated that the US government's takedown of ALPHV would end the existence of the group's current incarnation, but the State Department's bounty notice implies the feds still see it as an active threat - not to mention the fact that the ALPHV website popped right back up days after the FBI took it down.

CVSS 8.7 - CVE-2023-51440: Several models of Siemens SIMATIC and SIPLUS NET controllers are improperly verifying the source of a communication channel, allowing an attacker to spoof TCP reset packets and cause DoS.

CVSS 8.5 - CVE-2024-22042: All versions of Siemens Unicam FX software are incorrectly using privileged APIs that could allow an attacker to gain system-level privileges.

As if public defenders weren't already overworked enough as it is, now a ransomware attack has taken the entire Colorado State Public Defender's office network offline.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/19/infosec_news_in_brief/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-22042 | Unspecified vulnerability in Siemens Unicam FX. A vulnerability has been identified in Unicam FX (All versions). | local, low complexity, siemens, 7.8 |
| 2024-02-13 | CVE-2023-51440 | Unspecified vulnerability in Siemens products. A vulnerability has been identified in SIMATIC CP 343-1 (6GK7343-1EX30-0XE0) (All versions), SIMATIC CP 343-1 Lean (6GK7343-1CX10-0XE0) (All versions), SIPLUS NET CP 343-1 (6AG1343-1EX30-7XE0) (All versions), SIPLUS NET CP 343-1 Lean (6AG1343-1CX10-2XE0) (All versions). | network, low complexity, siemens, 7.5 |