According to the Federal Bureau of Investigation (FBI), the ALPHV/BlackCat ransomware group has accumulated over $300 million in extortion payments from over 1,000 victims globally as of September 2023.
The FBI states that ALPHV Blackcat affiliates have extensive networks and expertise in conducting ransomware and data extortion operations.
“As of September 2023, the FBI reports that ALPHV Blackcat affiliates have successfully hacked more than 1000 organizations. Around 75 percent of these entities are located in the United States, while approximately 250 are located outside the United States. The hackers have demanded a total of over $500 million in ransom, and have received nearly $300 million in payments.”
The joint advisory, released today in partnership with CISA, includes mitigation strategies provided by the FBI. These measures aim to help network defenders and critical infrastructure companies reduce the impact and risk of attacks carried out by this ransomware gang.
The FBI recently identified ALPHV IOCs (indicators of compromise) and TTPs (tactics, techniques, and procedures), which the two agencies also shared on December 6.
Network defenders are strongly advised to prioritize remediating vulnerabilities that are being actively exploited and to implement multifactor authentication (MFA) with strong passwords for all services, particularly webmail, VPN, and accounts associated with critical systems.