The FBI tool helps companies recover from ransomware attacks

A new FBI decryption tool is helping companies recover from ransomware attacks by the same group that breached MGM Resorts in September.

Regain some control

One of the biggest disruptions in the US gaming sector this year was the cyberattack on MGM Resorts International. It caused the company’s computer systems to fail for weeks and led to widespread disruption across many of its properties.

The Justice Department announced Tuesday that a new decryption tool developed by the FBI will help parties recover from similar attacks by the ALPHV/Blackcat hacking group. It has already saved victims from paying a $68 million ransom. The FBI also used a confidential source to infiltrate Blackcat’s computer network and take control of numerous Blackcat-operated websites.

ALPHV’s dark web site no longer displays victims’ files and now carries a banner stating that the site is under the control of law enforcement.

A lucrative business

The ransomware group has successfully locked down many large companies and institutions and demanded ransoms in exchange for restoring the systems. The software was used to devastating effect at MGM in September, with hackers initially gaining access through social engineering.

MGM shut down its systems, causing a variety of problems, including disruptions to reservations, communications and even slot machines. Although MGM did not pay a ransom and eventually got everything back up and running, the consequences of the attack will cost the company about $100 million.

According to the Cybersecurity and Infrastructure Security Agency (CISA), the ransomware group has compromised more than 1,000 companies, nearly 75% of them in the United States. This resulted in over $500 million in ransom demands, and Blackcat secured nearly $300 million in payments by September.

A productive group

Other victims of the malware included local U.S. governments and hospitals, typically in two attacks. In addition to locking systems and demanding ransoms, the attackers often access customers’ private data and publish it on the dark web.

In addition to the ransom, the costs of these attacks include theft and destruction of protected information, incident response costs, and business disruption.

The Justice Department statement described ALPHV/Blackcat as “the second most prevalent ransomware-as-a-service variant in the world” over the past 18 months. Several European organizations participated in the investigation, led by the FBI Miami Field Office.

wroadmin
