A new FBI decryption tool helps entities recover from ransomware attacks by the same group that breached MGM Resorts in September. [Image: Shutterstock.com]

Retaking some control

One of the biggest disruptions in the US gambling sector this year was the cyberattack on MGM Resorts International. This led to the company’s computer systems going down for weeks and caused widespread disruption at many of its properties.

has already saved victims from paying $68m in ransoms

The Justice Department revealed on Tuesday that a new FBI-created decryption tool will help parties recover from similar attacks by the ALPHV/Blackcat hacker group. It has already saved victims from paying $68m in ransoms. The FBI also has infiltrated Blackcat’s computer network through the help of a confidential source and took control of numerous websites that it operates.  

The dark web ALPHV website no longer showcases the files of any victims and has a banner saying that the website is now under the control of law enforcement.

A lucrative business

The ransomware group has successfully locked down many major companies and institutions, demanding ransom money in exchange for restoring the systems. The software was used to devastating effect on MGM in September, with hackers initially gaining access through social engineering.

MGM shut down its systems, which led to a massive range of issues including disruption to reservations, communications, and even slot machines. While MGM did not pay a ransom and eventually got everything back up and running, the fallout from the attack will cost the company about $100m.

ransom demands in excess of $500m and securing almost $300m

According to the Cybersecurity and Infrastructure Security Agency (CISA), the ransomware group has compromised more than 1,000 entities, almost 75% of them US-based. This led to ransom demands in excess of $500m and Blackcat securing almost $300m in payments as of September.

A prolific group

Some other victims of the malicious software included local US governments and hospitals, with the attacks typically being twofold. In addition to locking the systems and demanding a ransom, they often also access the private information of customers and release it on the dark web.

In addition to ransom money, the cost of these attacks includes theft and destruction of proprietary information, incident response costs, and disruption to business activities.

The Justice Department statement described ALPHV/Blackcat as “the second most prolific ransomware-as-a-service variant in the world” over the past 18 months. Multiple European organizations contributed to the investigation, headed by the FBI Miami Field Office.