FBI Seizes Darknet Website for Ransomware Group in MGM Cyberattack

Posted on: December 20, 2023, 08:23h. 

Last updated on: December 20, 2023, 10:51h.

The U.S. Justice Department and the Federal Bureau of Investigation (FBI) have seized the darknet website belonging to the ransomware group that took credit for the August cyberattack on MGM Resorts.

A screenshot of the darknet homepage of the criminal hacking group behind the MGM Resorts cyberattack after it was seized by federal law enforcement in the U.S. The FBI has developed a decryption tool that allows victims to more easily free their data and avoid paying a ransom. (Image: FBI)

A group known as Scattered Spider initially claimed responsibility for the September cyberattack on MGM. Scattered Spider was later deemed by federal law enforcement to have used a software strain called Alphv, and to have worked in conjunction with a larger cyber gang called Blackcat.

The FBI on Tuesday confirmed a disruption campaign against Blackcat. In conjunction with an international group of law enforcement agencies, the DOJ and FBI successfully seized the darknet website of the criminal group and posted a notification on its homepage.

“This website has been seized,” the Blackcat homepage now reads. “The Federal Bureau of Investigations seized this site as part of a coordinated law enforcement action taken against ALPHV Blackcat Ransomware.”

Decryption Tool Deployed

Along with seizing the online home of the criminal group said to have cost MGM more than $100 million, the FBI announced the development of a decryption tool that allows federal law enforcement to assist victims in restoring their systems. Blackcat and many other cyber criminals often encrypt a victim’s data, essentially locking the company or person out of their network until a ransom is paid.

“In disrupting the Blackcat ransomware group, the Justice Department has once again hacked the hackers,” said Deputy Attorney General Lisa Monaco.

Monaco revealed that the decryption tool has been in use for an unspecified period and has helped over 500 affected victims restore their systems. The FBI says the tool has allowed businesses and schools to more quickly reopen and helped critical health care and emergency services networks get back online expeditiously.

The FBI believes the decryption tool has already saved at least $68 million in ransom demands. Victims around the world have paid an unknown amount over the past year, a total the Justice Department agency can only estimate to be in the “hundreds of millions of dollars.”

Caesars Entertainment was hit with a similar cyberattack to MGM in August. But unlike its primary competitor, Caesars opted to pay a ransom, said to be around $15 million.

Holiday Consumer Alert

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, says the holidays are the most active time of the year for cybercriminals. The agency tells consumers to take proactive steps to keep their personal information secure on the internet.

Those tips include regularly updating your devices with the latest software. CISA also recommends changing passwords when prompted and using two-factor authentication when available.

Another recommendation is to shop online only through trusted websites and to avoid making purchases while on a public Wi-Fi network. Using a credit card as opposed to a debit card is also suggested, as there are laws that limit your liability for fraudulent credit card charges, and those protections may not come with a debit card.

The government also advises consumers to be wary of emails requesting personal information.

“Legitimate businesses will not solicit this type of information through email,” a CISA tip sheet read.