Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks

Ransomware group tries to claw back operations following FBI disruption, and lifts a previous ban on attacks against critical infrastructure in retaliation.

BlackCat/ALPHV ransomware leaders claim they have restarted operations on the groups primary blog, despite the Department of Justice claim that it gained control of the site. Further, in retaliation for the law enforcement actions against the gang, they announced they have dropped a previous ban on cyberattacks against critical infrastructure.
BlackCat
also claimed that, beyond unseizing the sites, the decryption key being offered by the FBI is outdated and from an older blog, according to a reading of the
groups message
from Dec. 19 by Flashpoint researchers.
Its a bold claim, but experts have their doubts about BlackCats ability to mount such a quick comeback.
First, the data and server have indeed been
seized by the FBI
, and there are no takebacks, Steve Stone from Rubrik Zero Labs explains. Stone tells Dark Reading the idea of seizing and unseizing the site is being widely misunderstood in the public discourse.
Put simply, the
FBI and other law enforcement
organizations have successfully seized control of a data repository and also took control of/took down the ALPHV site they used to run their ransomware-as-a-service (RaaS) operations, Stone says. ALPHV has responded by spinning up a new server and applying their security key, which makes this the new site.
Next, the FBI will revert the new site to the old one already in their control, and the cycle continues, he predicts.
The FBI then works to revert it to the original/seized one, Stone says. Then ALPHV does it again, as we saw yesterday.
Meanwhile, the threat of fresh
cyberattacks on critical infrastructure
as a result of BlackCats lifting of restrictions for its affiliates is very real, cybersecurity insiders warn.
Given ALPHVs new stance, there is a real possibility of an increase in cyberattacks on critical infrastructure, says Chris Grove, director of cybersecurity strategy for Nozomi Networks. Organizations operating critical infrastructure should be on heightened alert, as these developments could re-awaken a dormant phase in cybercriminal tactics where CI is fair play.
Ransomware is a lucrative business and BlackCat isnt likely to give it up without a fight, Grove adds.
Although this groups operations are degraded, they might act out of desperation to maintain their image as a safe system for hackers to leverage for their criminal activities, Grove says. In a short period of time theyve been able to pull in $300 million to fund these types of operations, something they will fight for at the expense of our societys safety and peace.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Defiant BlackCat Gang Stands Up New Site, Calls for Revenge Attacks