A multinational collaboration of law enforcement agencies has captured the renowned ransomware gang ALPHV, or BlackCat’s, dark web leak site.
“The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware,” Eltrys discovered on the gang’s dark web leak site.
According to the press release, law enforcement agencies from the United Kingdom, Denmark, Germany, Spain, and Australia were also participating in the takedown operation. 
The FBI-led global takedown operation, which the US Department of Justice later confirmed, allowed US authorities to access the ransomware group’s computer and seize “several websites” that ALPHV ran.
The FBI also issued a decryption tool, which has already helped over 500 ALPHV ransomware victims repair their computers. (According to the search warrant, the number of victims is 400.) The FBI said that it worked with scores of victims in the United States, preventing them from paying $68 million in ransom demands.
According to the government’s disclosure, ALPHV penetrated the networks of over 1,000 victims worldwide in order to make hundreds of millions of dollars. According to the DOJ, the gang has targeted key infrastructure in the United States, including government facilities, emergency services, military industrial base firms, essential manufacturing, healthcare, and public health institutions, as well as other organizations, schools, and government agencies.
According to the government’s search request, the FBI worked with a “confidential human source” connected to the ransomware gang, who gave investigators access to ALPHV/BlackCat’s affiliate panel, which was used to manage the gang’s victims.
The State Department has said that it would reward those who provide information “about Blackcat, their affiliates, or activities.”
“In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” said US Deputy Attorney General Lisa Monaco in comments. Businesses and schools, as well as health care and emergency services, were able to reopen with the aid of a decryption tool that the FBI provided to hundreds of ransomware victims worldwide. We will continue to prioritize disruptions and victims in our attempt to deconstruct the environment that fuels cybercrime.”
Eltry’s requests for comment were not responded to by either the FBI or the UK’s National Crime Agency.
Ina Mihaylova, a spokesman for Europol, acknowledged the agency’s participation in the operation but refused to speak more.
In recent years, the ALPHV/BlackCat ransomware group has been one of the most active and devastating. ALPHV, thought to be a successor of the now-defunct sanctioned REvil hacking gang, claims to have infiltrated a number of high-profile victims, including Reddit, Norton, and the United Kingdom’s Barts Health NHS Trust.
The group’s methods have gotten more violent in recent months. The ALPHV filed a first-of-its-kind complaint with the U.S. Securities and Exchange Commission (SEC) in November, alleging that digital lending provider MeridianLink failed to disclose “a significant breach compromising customer data and operational information,” which the gang claimed responsibility for.
