
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)


This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure.

The Alphv/BlackCat gang seems to be gone for good -- at least in its current form -- after an apparent exit scam conducted against its affiliates.

BlackCat is a prolific ransomware-as-a-service threat actor that has received millions of dollars in extortion payments and taken credit for a number of high-profile attacks, such as the recent one against healthcare payment software provider Change Healthcare as well as last year's attack against MGM Resorts.

In December, the FBI led an international takedown against the gang that included the seizure of the gang's data leak website as well as the development of a ransomware decryption tool, but BlackCat came back quickly. Over the following months, the group attacked dozens of organizations including a large number in the healthcare sector.

The story of the gang evolved further this month. In early March, Wired reported on a $22 million Bitcoin transaction made to BlackCat on March 1. On March 3, an alleged affiliate of BlackCat posted a message to dark web forum Ramp stating that they were responsible for the attack on Change Healthcare, that the company paid a $22 million extortion payment to BlackCat and that gang administrators were unresponsive to the affiliate's request for payment.

Between this, the sudden closure of affiliate accounts the next day, an attempted sale of BlackCat source code for $5 million and a law enforcement seizure notice on the gang's data leak site that is suspected to have been falsified, security experts believe BlackCat conducted an exit scam against its affiliates. In other words, the gang apparently decided to take the money and run.

The fallout of BlackCat's exit raises many questions about the operators' motivations and strategy. On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the chaotic exit of the notorious ransomware gang and what it could mean for the threat landscape.


Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
