The BlackCat hacking group, one of the most prolific in the world, had its website confiscated by the FBI on December 19. In this way, the US Bureau was able to recover hundreds of decryption keys to release the data stolen by the hackers.
But since then, the group claims to have regained control of most of its decryption keys. According to the specialized site Bleeping Computer, the FBI only recovered the decryption keys from last month, which represents those of about 400 victims, mainly among them companies.
Remaining victims
BlackCat states in a message posted on its old website that “the remaining 3,000 victims will lose their keys.” These keys allow victims to deactivate the ransomware marketed by the criminal organization and thus release the data they are holding hostage.
They also announce that they have launched a new direction to publish and sell the data in question that they have stolen, specifying that the FBI “will not be able to intervene” in this data.
Previously, the site displayed a sign indicating that it had been confiscated by the FBI. In this message, published in retaliation for the FBI’s intervention, BlackCat encourages its clients to launch cyberattacks, in particular by offering advantageous prices. For BlackCat, it’s also about not losing potential customers to competitors, including the equally prolific LockBit group whose methods are similar.
No more rules
“As a result of your actions, we are introducing new rules, or rather, we are removing all the rules except one. You can’t touch the Commonwealth of Independent States, but now you can block hospitals, nuclear power plants, everywhere and whatever you want,” BlackCat wrote in his post.
The Commonwealth of Independent States is an organization formed during the dissolution of the Soviet Union and is made up of nine of the fifteen former Soviet republics. Their protection comes from the fact that BlackCat members are known to have close ties to Russia.
BlackCat’s operating method is to offer turnkey ransomware. This malware allows clients to lock down digital infrastructure and hold sensitive data hostage for ransoms. The group also attacks itself. Among the victims of this system are Seiko, the Japanese watchmaker, the American hotel chain MGM Resorts and a number of hospitals and security infrastructures in the United States.
Source: BFM TV
