Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

AFP reveals its role in global ALPHV takedown

The Australian Federal Police (AFP) has revealed that it played a role in the international operation that took down the prolific Russia-based ALPHV threat group.

user icon Daniel Croft
Wed, 20 Dec 2023
AFP reveals its role in global ALPHV takedown
expand image

The ransomware group, which also goes by the BlackCat moniker, was taken down in a joint operation led by the FBI on 7 December with the assistance of European law enforcement agencies and the AFP.

Since first appearing a couple of years ago, the FBI has said that the threat group has hit over 1,000 organisations, raking in over US$300 million. As part of its operations

According to AFP Cyber Command Assistant Commissioner Scott Lee, at least 56 Australian organisations had been targets of the ransomware group.

============
============

“This ransomware group first came to law enforcement attention in 2021 and has had a significant impact on the Australian community and on entities around the world,” Lee said.

“We have so far identified 56 Australia-based victims across both corporate and government sectors, and we are engaging with victims to provide decryption keys to restore their systems where we can. Those decryption keys are similar to a password.”

Lee added that the AFP has worked closely with the FBI, which has developed a decryption tool for affected organisations.

“The unlawful activity by BlackCat had a severe impact on Australian businesses, many of which remain without access to some key systems,” he added.

“The AFP has worked closely with our Five Eyes Law Enforcement Group (FELEG) partner, the FBI, to ensure action was taken on behalf of Australian businesses.

“The FBI developed a decryption tool that allowed law enforcement partners around the world to offer more than 400 affected victims the capability to restore their systems.”

The ALPHV ransomware group has been responsible for breaches on a number of high-profile Australian targets in the last year, largely as a result of the cyber attack on HWL Ebsworth.

Australian victims of the supply chain attack include the big four banks, the Office of the Australian Information Commissioner (OAIC), and a number of other Australian government agencies, including the AFP itself.

Industry has responded to the takedown positively, celebrating the efforts of the FBI and its allies.

Mandiant Consulting’s chief technology officer for Google Cloud, Charles Carmakal, said the takedown “is a huge win for law enforcement and the community”.

“ALPHV was one of the most active ransomware-as-a-service (RaaS) programs, and they worked with both Russian affiliates and English-speaking Western affiliates,” he said.

He added that despite the win, affiliates are likely to shift to other threat groups and should be monitored. LockBit has already advertised to ALPHV’s affiliates.

The AFP has reiterated that the Australian government stands against paying ransom to threat actors and has said that ransomware and other cyber crime have a devastating impact on the economy.

“On average, one cybercrime is reported every six minutes, with ransomware alone causing up to $3 billion in damages to the Australian economy every year,” Lee said.

“We urge anyone who has been the target of a BlackCat ransomware attack or any other ransomware breach and has not yet reported it, to report to police.

“If we are alerted to an incident in its earliest moments, we have our best shot at gathering the evidence we need to identify those responsible for the attack, disrupt their activities and bring them to justice.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.