The US Justice Department (DOJ) has announced that the FBI has successfully developed a decryption tool, enabling the recovery of data for more than 500 victims of ransomware attacks as part of a collaborative international law enforcement effort. The bureau has also taken down “several websites” operated by the notorious ALPHV / Blackcat ransomware gang.
However, tech publication Bleeping Computer reported that the ransomware gang quickly retook control of its website and claimed that the FBI only possessed decryption keys for around 400 companies, leaving over 3,000 victims with encrypted data. Furthermore, the gang announced that it would no longer prohibit affiliates from targeting critical infrastructure such as hospitals and nuclear power plants using their ransomware software.
The DOJ revealed that over the past 18 months, ALPHV/Blackcat has become the second most prolific ransomware-as-a-service variant globally, raking in hundreds of millions of dollars in ransom payments from victims around the world. The gang operates through a model where they develop and update the ransomware, while affiliates identify targets and carry out the attacks, ultimately splitting the profits.
The FBI’s success in creating a decryption tool marks a significant milestone in the fight against ransomware, as law enforcement agencies continue to work towards stemming the tide of cybercrime and protecting victims from further harm.