Ransomware Attack

FBI has released a tool to tackle ransomware linked to the MGM cyberattack

The FBI has released a decryption tool to help companies that have been targets of cyberattacks. The developers specifically designed this tool to help people affected by the group that breached MGM Resorts International’s computer systems.

The US Justice Department asserted last week that a team of US and foreign law enforcement agencies has launched a disruption operation against the hacker organisation ALPHV, commonly known as BlackCat. This group took responsibility of the nine-day MGM operational failure. Scattered Spider, a subgroup of ALPHV, joined in these events as well.

ALPHV executed an attack while penetrating MGM networks, forcing the company to shut down a significant part of its computer networks. This caused wide disruptions, such as casino floor shutdowns, faulty hotel keycards, and corporate email failures. MGM claimed that the attack’s fallout cost about $100 million in a statement to the Securities and Exchange Commission (SEC).

ALPHV/BlackCat has become the world’s second most widespread ransomware-as-a-service strain. The recognition is based on the hundreds of millions of dollars in ransoms paid by victims all around the world. Various international law enforcement organisations have launched parallel investigations due to the scale of these offences.

According to reports, Caesars Entertainment Inc. paid a $15 million ransom. The business has decided not to provide precise information on the attackers, nevertheless.

However, MGM responded to the attack in a different way by choosing not to pay a ransom. It actively endured threat by carefully shutting down several systems to prevent upcoming attack of its sensitive information.

FBI Succeeds in ALPHV Darknet Seizure and Ransomware Decryption

ALPHV and the MGM breach showed a significant increase in unity among various cybercriminal organisations. The merger is a major shift in the cyber threat situation.

Alphv’s website has been seized, and it no longer contains victim files. Law enforcement authorities currently display a message announcing they have captured it.

The FBI, as part of their ongoing investigation, got access to the computer network of the BlackCat ransomware group through a search warrant that was unsealed on December 19, 2023, within the Southern District of Florida. They have also taken down a number of websites connected to the the group.

Paul Abbate, deputy director of the FBI, said in a statement:

The FBI continues to be unrelenting in bringing cybercriminals to justice and determined in its efforts to defeat and disrupt ransomware campaigns targeting critical infrastructure, the private sector, and beyond.

Initially, the attackers who accessed MGM processes claimed to be a small group of young native English speakers working with Russian-speaking ALPHV engineers. Law enforcement has not disclosed any action taken against these English-speaking hackers, despite the FBI’s ongoing investigation against them.

Along with taking over the criminal organisation’s web surfing, the FBI also released a decryption tool. Federal law enforcement can help victims in regaining access to their systems by using this tool.

Paul Abbate added:

Helping victims of crime is the FBI’s highest priority and is reflected here in the provision of tools to assist those victimised in decrypting compromised networks and systems.

Over 500 victims had benefited from the decryption tool’s useful support in repairing their systems throughout its unknown active period. According to the FBI, its use has helped the quick reopening of businesses and institutions.

Furthermore, the tool has played a significant role in quickly restoring essential healthcare and emergency services networks, ensuring they are back up as soon as possible.

The FBI recommends that users take proactive steps to protect their personal data when using the internet. When purchasing online, avoid using public Wi-Fi networks and stick to reliable websites.

Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.

Recent posts