Earlier today, the US Department of Justice announced the disruption of the BlackCat ransomware gang, also known as ALPHV. This is a notable takedown, as BlackCat is one of the more notorious ransomware gangs in the current landscape.
According to a joint CISA flash advisory, the gang has extorted nearly $300 million in ransom payments since BlackCat appeared in 2021. By most measures, BlackCat has been one of the premier ransomware gangs, with 421 victims listed on their leak sites in 2023 alone. Motel One and MGM are among their victims.
BlackCat, like many ransomware groups, used multiple tactics, techniques, and procedures (TTPs) during their attacks, some of which Blackpoint has detailed. Common attack methodologies included social engineering and vulnerability exploitation for initial access, followed by deployment of remote management tools once access was established. More information, including TTPs and indicators of compromise, is included in the CISA alert.
Notably, BlackCat’s takedown does not reduce the threat of ransomware; it simply removes one of the larger actors from the scene. While the takedown is a massive accomplishment on the part of law enforcement, more than a hundred active ransomware groups are still tracked today, and ransomware remains a pre-eminent threat. Ransomware does not discriminate among targets. These are criminal organizations that do not have rules of engagement and should be taken seriously as a threat.
Protecting your organization and customers against the threat of ransomware is very important. Practicing good security hygiene, along with following ransomware prevention guidance such as that provided by CISA, is critical to reducing the threat posed by ransomware.