Mystery surrounds the apparent disappearance of the ALPHV/BlackCat cyber crime gang amid reports that a prominent US victim paid a $22m ransom
In what is becoming a turbulent period for the cyber criminal underground, the ALPHV/BlackCat ransomware gang has shut down its server infrastructure in an apparently self-imposed takedown, amid accusations that the group's ringleaders had stolen millions of dollars from an affiliate that recently attacked an American healthcare organisation.
The takedown at first appeared to be the result of a coordinated law enforcement operation, but according to Reuters, the National Crime Agency (NCA), which led Operation Cronos, the recent takedown of the LockBit operation, said that no law enforcement action had taken place.
The waters were muddied still further by the emergence of a Sunday 3 March statement posted in broken English to one of the major underground forums by a supposed affiliate of ALPHV/BlackCat.
The poster claimed they had been working with ALPHV/BlackCat for a long time, and on 1 March received a $22m ransom payment from Minneapolis, Minnesota-based United Health Group, the parent of the ransomware-stricken Change Healthcare.
They said that, after receiving the payment, the ALPHV/BlackCat group “decided to suspend our account and keep lying and delaying when we contacted ALPHV admin on Tox”.
They added: “He kept saying they are waiting ro [sic] main admin and the coder until today they emptied the wallet and took all the money … Be careful everyone and stop dealing with ALPHV.”
“It's important to stress that this is all speculation,” said Yossi Rachman, Semperis director of security research. “I do agree that it looks a little odd, since ALPHV may lose business over it. Then again, it's not a bricks-and-mortar business, so if they did decide to take the money and run, they can just as easily set up a new operation under a different name.
“Overall, nobody beyond the inner circles of ALPHV, their affiliate and Change Healthcare is privy to this information about who paid or did not pay. And you know what they say in the cyber security industry about there being no honour among thieves. Nothing surprises me.”
WithSecure senior threat intelligence analyst Stephen Robinson echoed Rachman's sentiment on taking anything at face value. “Any statement from cyber criminals is inherently unreliable. ALPHV appears to have gone offline, but we do not know why,” he said.
“The claim regarding the affiliate payment is kind of interesting, but also unreliable. For a RaaS operation to work, the affiliates and the core group need to trust each other, so ‘stealing' or withholding payment from an affiliate would be highly unusual. Cyber criminals often make efforts to stay below the radar of law enforcement,