Security News > 2024 > February > Feds post $15 million bounty for info on ALPHV/Blackcat ransomware crew

The Department of State announced last week that it was offering $10 million for information identifying key leaders in the ALPHV ransomware gang or their locations, and $5 million for information leading to the arrest or conviction of anyone "Participating in or conspiring or attempting" to use the gang's notorious ransomware.

ALPHV has made a habit of going after critical infrastructure targets, and last week claimed responsibility for an attack on the company operator of the Canadian Trans-Northern Pipelines, allegedly stealing around 190GB of data.

The Trans-Northern attack is the fourth critical infrastructure operator that ALPHV claims to have attacked in recent months.

Experts even speculated that the US government's takedown of ALPHV would end the existence of the group's current incarnation, but the State Department's bounty notice implies the feds still see it as an active threat - not to mention the fact that the ALPHV website popped right back up days after the FBI took it down.

CVSS 8.7 - CVE-2023-51440: Several models of Siemens SIMATIC and SIPLUS NET controllers are improperly verifying the source of a communication channel, allowing an attacker to spoof TCP reset packets and cause DoS. CVSS 8.5 - CVE-2024-22042: All versions of Siemens Unicam FX software are incorrectly using privileged APIs that could allow an attacker to gain system-level privileges.

As if public defenders weren't already overworked enough as it is, now a ransomware attack has taken the entire Colorado State Public Defender's office network offline.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/19/infosec_news_in_brief/