AFP reveals its role in global ALPHV takedown

The Australian Federal Police (AFP) has revealed that it played a role in the international operation that took down the prolific Russia-based ALPHV threat group.

Daniel Croft
Wed, 20 Dec 2023

The ransomware group, which also goes by the BlackCat moniker, was taken down in a joint operation led by the FBI on 7 December with the assistance of European law enforcement agencies and the AFP.

The FBI has said that, since first appearing a couple of years ago, the threat group has hit over 1,000 organisations, raking in over US$300 million. As part of its operations

According to AFP Cyber Command Assistant Commissioner Scott Lee, at least 56 Australian organisations had been targets of the ransomware group.


“This ransomware group first came to law enforcement attention in 2021 and has had a significant impact on the Australian community and on entities around the world,” Lee said.

“We have so far identified 56 Australia-based victims across both corporate and government sectors, and we are engaging with victims to provide decryption keys to restore their systems where we can. Those decryption keys are similar to a password.”

Lee added that the AFP has worked closely with the FBI, which has developed a decryption tool for affected organisations.

“The unlawful activity by BlackCat had a severe impact on Australian businesses, many of which remain without access to some key systems,” he added.

“The AFP has worked closely with our Five Eyes Law Enforcement Group (FELEG) partner, the FBI, to ensure action was taken on behalf of Australian businesses.

“The FBI developed a decryption tool that allowed law enforcement partners around the world to offer more than 400 affected victims the capability to restore their systems.”

The ALPHV ransomware group has been responsible for breaches of a number of high-profile Australian targets in the last year, largely as a result of the cyber attack on HWL Ebsworth.

Australian victims of the supply chain attack include the big four banks, the Office of the Australian Information Commissioner (OAIC), and a number of other Australian government agencies, including the AFP itself.

Industry has responded to the takedown positively, celebrating the efforts of the FBI and its allies.

Mandiant Consulting’s chief technology officer for Google Cloud, Charles Carmakal, said the takedown “is a huge win for law enforcement and the community”.

“ALPHV was one of the most active ransomware-as-a-service (RaaS) programs, and they worked with both Russian affiliates and English-speaking Western affiliates,” he said.

He added that despite the win, affiliates are likely to shift to other threat groups and should be monitored. LockBit has already advertised to ALPHV’s affiliates.

The AFP has reiterated that the Australian government stands against paying ransom to threat actors and has said that ransomware and other cyber crime have a devastating impact on the economy.

“On average, one cybercrime is reported every six minutes, with ransomware alone causing up to $3 billion in damages to the Australian economy every year,” Lee said.

“We urge anyone who has been the target of a BlackCat ransomware attack or any other ransomware breach and has not yet reported it, to report to police.

“If we are alerted to an incident in its earliest moments, we have our best shot at gathering the evidence we need to identify those responsible for the attack, disrupt their activities and bring them to justice.”

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
