
FBI Offers Decryption Tool for Blackcat Ransomware


The Justice Department announced today a disruption campaign against the Blackcat ransomware group — also known as ALPHV or Noberus — that has targeted the computer networks of more than 1,000 victims and caused harm around the world since its inception, including networks that support U.S. critical infrastructure.

The FBI developed a decryption tool that allowed FBI field offices across the country and law enforcement partners around the world to offer over 500 affected victims the capability to restore their systems.

“The FBI continues to be unrelenting in bringing cybercriminals to justice and determined in its efforts to defeat and disrupt ransomware campaigns targeting critical infrastructure, the private sector, and beyond,” said FBI Deputy Director Paul Abbate.

According to the unsealed warrant, Blackcat actors have compromised computer networks in the United States and worldwide.

The disruptions caused by the ransomware variant have affected U.S. critical infrastructure. Globally, these disruptions have caused damage in the hundreds of millions, including ransom payments, destruction and theft of proprietary data, and costs associated with incident response.

The infrastructure includes government facilities, emergency services, defense industrial base companies, critical manufacturing, and healthcare and public health facilities – as well as other corporations, government entities, and schools.

Blackcat uses a ransomware-as-a-service model in which developers are responsible for creating and updating ransomware and for maintaining the illicit internet infrastructure. Affiliates are responsible for identifying and attacking high-value victim institutions with the ransomware. After a victim pays, developers and affiliates share the ransom.

The affiliate then seeks a ransom in exchange for decrypting the victim’s system and not publishing the stolen data. When a victim refuses to pay a ransom, these actors commonly retaliate by publishing stolen data to a leak website where it becomes publicly available.

Victims of Blackcat ransomware are strongly encouraged to contact their local FBI field office at for further information and to determine what assistance may be available.

