ALPHV Grand Final: extortionists embezzled millions of dollars and "went into the sunset"

The security services deny their involvement in the recent events; the hackers did everything themselves.

Recently, the actions of one of the most well-known groups involved in cyber extortion, namely ALPHV (aka Black Cat), have raised a lot of questions both among researchers and among participants in the cybercrime world.

So, recently there were rumors that the group is trying to organize a large-scale scam in order to "throw" its affiliates and go out of business, taking millions of dollars with them. Now everything points to the fact that this is most likely true.

Last December, law enforcement agencies in the United States, the European Union and the United Kingdom conducted a successful operation to eliminate the ALPHV infrastructure. However, the group quickly recovered and continued its extortion activities, and the US State Department even offered a $10 million reward for any information that could lead to the identification and arrest of ALPHV leaders.

After the recent attack on Change Healthcare, which, according to rumors, ended with the payment of a ransom of $22 million, a message appeared on the Internet from an affiliate of the group, claiming that the leaders of ALPHV appropriated this money for themselves, closed their communication channels and "disappeared from the radar."

Around the same time, a notice appeared on the group's darknet site stating that the ALPHV infrastructure had been eliminated by the authorities. Again. However, many cyber experts were quick to comment on the incident, saying that the intelligence agencies most likely had nothing to do with what happened to ALPHV this time. Everything pointed to the fact that the hackers themselves edited their site and put up a fake seizure notification left over from the December takedown.

Representatives of Europol and the National Crime Agency of Great Britain also said that they were not involved in the recent closure of the ALPHV website, although their logos appear in the notification on the group's website.

Even the administrator of the cybercrime forum RAMP is sure that this is a so-called "exit scam" intended to avoid sharing the group's remaining money with its affiliates. After all, in addition to the $22 million from Change Healthcare, the group could have accumulated a lot of ransom payments that they "did not have time" to share with their partners.

Cybersecurity experts confirm that such scams are not uncommon for criminal groups, but the use of a fake notification of seizure by the authorities has become a new and very unusual method of "getting out of the game".

As a result, the group leaders later admitted that the whole situation was part of their plan to shut down the project, and announced in their channel on the Tox platform that they were selling the source code of their ransomware for $5 million.

At the end of this epic, I would like to note that the ALPHV/BlackCat brand is most likely now officially dead. After all, no new affiliates will want to deal with such duplicitous cybercriminals.

However, if ALPHV leaders want to, they can always return to the game under a different name, because in the era of digital anonymity and neural networks, hackers can easily come up with a new name, logo, legend and gain new "followers".
 