The FBI’s new decryption tool is helping entities recover from ransomware attacks by the same group that hacked MGM Resorts in September.
Regain some control
One of the biggest disruptions in the US gambling industry this year was the cyberattack on MGM Resorts International. The attack crashed the company’s computer systems for weeks and caused widespread disruption at many of its properties.
The Department of Justice revealed on Tuesday that a new decryption tool created by the FBI will help parties recover from similar attacks by the ALPHV/Blackcat hacker group. It has already saved victims from paying $68 million in ransom. The FBI also infiltrated Blackcat’s computer network with the help of a confidential source and took control of several websites the group ran.
The ALPHV dark web site no longer displays any victims’ files and has a banner saying the site is now under the control of law enforcement.
Profitable business
The ransomware group has successfully shut down several major companies and organizations, demanding ransom money in exchange for restoring systems. The software was used to devastating effect at MGM in September, with hackers initially gaining access through social engineering.
MGM shut down its systems, leading to a wide range of issues including disruption to reservations, communications, and even slot machines. While MGM did not pay the ransom and eventually got everything back, the fallout from the attack will cost the company about $100 million.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the ransomware group has compromised more than 1,000 entities, nearly 75% of which are US-based. This resulted in more than $500 million in ransom demands, and Blackcat received nearly $300 million in payments as of September.
A prolific group
Other victims of the malware included local US governments and hospitals, and the attacks were usually two-pronged. In addition to locking down systems and demanding ransom, the attackers also often access customers’ private information and post it on the dark web.
In addition to the ransom money, the cost of these attacks includes theft and destruction of proprietary information, incident response costs, and disruption to business activities.
The DOJ statement described ALPHV/Blackcat as “the second most prevalent ransomware-as-a-service in the world” over the past 18 months. Multiple European organizations contributed to the investigation, headed by the FBI in Miami.