ALPHV/BlackCat Site Downed After Suspected Police Action

Cyber Security Threat Summary:
Last Friday, cyber security firm RedSense disclosed on X (formerly known as Twitter) that BlackCat ransomware’s Tor data leak site had been taken down after police action. As of writing, law enforcement authorities have published no official disclosure regarding such a takedown. However, according to Yelisey Bohuslavskiy, RedSense’s chief research officer, “threat actors, including #BlackCat’s affiliates and initial access brokers, are convinced that the shutdown was caused by a law enforcement action.” In contrast, an admin for BlackCat stated last week that the group is repairing its servers and that the site may be back online soon.

Security Officer Comments:
BlackCat ransomware initiated its operations in 2020. Since then, the group has made a name for itself, becoming one of the most notorious gangs out there. Although no official statement has been released, a law enforcement takedown of BlackCat’s infrastructure would be a huge win, considering the ransomware group has been actively compromising dozens of victims in the last couple of months, according to metrics collected by the IT-ISAC. While a takedown of BlackCat’s infrastructure would disrupt operations, members and affiliates of the gang will likely rebrand or join other ransomware groups, as we have seen in the past.