Posted on: December 20, 2023, 08:23h.
Last updated on: December 20, 2023, 08:23h.
The US Justice Department and its Federal Bureau of Investigations (FBI) have seized the darknet website belonging to the ransomware group that took credit for the August cyberattack on MGM Resorts.
A group known as Scattered Spider initially claimed responsibility for the September cyberattack on MGM. Scattered Spider was later deemed by federal law enforcement to have used a software strain called Alphv and worked in conjunction with a larger cyber gang called Blackcat.
The FBI on Tuesday confirmed a disruption campaign against Blackcat. In conjunction with an international group of law enforcement agencies, the DOJ and FBI successfully seized the darknet website of the criminal group and posted a notification on its homepage.
“This website has been seized,” the Blackcat homepage now reads. “The Federal Bureau of Investigations seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.”
Decryption Tool Deployed
Along with seizing the online home of the criminal group said to be behind the MGM attack that cost the casino operator over $100 million, the FBI announced the development of a decryption tool that allows federal law enforcement to assist victims in restoring their systems. Blackcat and many other cyber criminals often encrypt a victim’s data, essentially locking the company or person out of their network until a ransom is paid.
In disrupting the Blackcat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa Monaco.
Monaco revealed that the decryption tool has been in use for an unspecified period and has helped over 500 affected victims restore their systems. The FBI says the tool has allowed businesses and schools to more quickly reopen and helped critical health care and emergency services networks get back online expeditiously.
The FBI believes the decryption tool has already saved at least $68 million in ransom demands. But victims around the world have paid an unknown amount over the past year, a total the Justice Department agency can only estimate to be in the “hundreds of millions of dollars.”
Caesars Entertainment was hit with a similar cyberattack to MGM in August. But unlike its primary competitor, Caesars opted to pay a ransom — said to be around $15 million.
Holiday Consumer Alert
The US Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, says the holidays are the most active time of the year for cybercriminals. The agency tells consumers to take proactive steps to keep their personal information secure on the internet.
Those tips include regularly updating your devices with the latest software. CISA also recommends changing passwords when prompted and using two-factor authentication when available.
Another recommendation is to only shop online through trusted websites and to avoid making purchases while on a public Wi-Fi network. Using a credit card as opposed to a debit card is also suggested, as there are laws to limit your liability for fraudulent credit card charges that may not come with a debit card.
The government also advises to be wary of emails requesting personal information.
“Legitimate businesses will not solicit this type of information through email,” a CISA tip sheet read.