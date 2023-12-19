According to the Department of Justice, a coalition of U.S. and European law enforcement agencies has disrupted one of the largest currently active ransomware operations, a group that uses malicious software to lock down victims’ computer networks and then demands payment.

The department said Tuesday it is releasing a decryption tool to help victims free their computer systems from malicious software used by the group.

The strain of ransomware, called ALPHV, was most famously linked to the September cyberattack against MGM Resorts. It penetrated the MGM network so thoroughly that the company had to shut down large portions of its computer systems, which took casino floors offline, left hotel keycards not working and knocked out internal email. MGM later said in a Securities and Exchange Commission filing that the attack and its fallout cost the company approximately $100 million.

In addition to the MGM hack, ALPHV has been deployed against several U.S. hospitals and local governments in the past year, said Brett Callow, an analyst at the cybersecurity company Emsisoft.

Ransomware operations often exert two kinds of pressure on a victim organization: they encrypt its computers to lock out their owners, and they threaten to publish private, potentially sensitive stolen data on a custom leak website on the dark web. This double-extortion strategy has proved an effective way to extract payments from many corporations and governments.

ALPHV, also tracked as BlackCat, has contributed to the collection of more than $200 million in ransom payments since the end of 2021, according to a spokesperson for Chainalysis, a company that tracks cryptocurrency payments.

Tuesday’s action targets both forms of pressure: the decryption tool addresses the encryption, and the seizure addresses the leak site. The victim files have now been removed from ALPHV’s website, and in their place a banner states that the site has been seized by law enforcement.

The MGM hack by ALPHV affiliates represented a significant escalation in separate cybercriminal groups working together.

The hackers who gained initial access to MGM’s systems appeared to be a small group of young native English speakers who had partnered with the Russian-speaking ALPHV developers. The FBI previously said it was investigating the English-speaking hackers, but law enforcement has not yet announced any action against them.

In an affidavit attached to a search warrant related to the case, an FBI agent said law enforcement was assisted by a confidential informant “who routinely provides credible information related to ongoing cybercrime investigations.”

ALPHV descends from earlier ransomware strains, including the one used in the 2021 attack that shut down Colonial Pipeline’s payment systems and caused gasoline shortages in parts of the U.S.

There is little indication that the Justice Department’s disruption will have a lasting impact. The group that developed ALPHV primarily speaks Russian and is widely believed to operate from Russia, where Western law enforcement has no jurisdiction, and Russian ransomware operators rarely face punishment from law enforcement there.

Kevin Collier

Source: www.nbcnews.com