FBI Disruption Campaign Targets ALPHV, Group Linked to MGM, Caesars Hacks

the fbi has seized websites belonging to alphv, the ransomware hacker group responsible for attacks on mgm resorts, caesars.

The Federal Bureau of Investigation (FBI) has seized websites belonging to ALPHV, the ransomware hacker group responsible for thousands of attacks globally, including the hacks that hobbled MGM Resorts International and extorted millions from Caesars Entertainment.

The move announced on Dec. 19 is part of a disruption campaign against the Blackcat ransomware group — also known as ALPHV and Noberus. In addition to seizing “several” websites, the FBI deployed a decryption tool to more than 500 victims. The new tech allows those affected to restore their compromised systems.

In disrupting the ransomware group, the US Justice Department (DOJ) has again “hacked the hackers,” Deputy Attorney General Lisa O. Monaco said in a release.

With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritize disruptions and place victims at the center of our strategy to dismantle the ecosystem fueling cybercrime.

Unfortunately, the judicial clapback came too late for Caesars (Caesars Entertainment 36,87 -0,59%) and MGM (MGM Resorts International 35,01 -2,23%).

Ransomware Attacks Hobble MGM, Extort Caesars

In recent years, ALPHV has emerged as one of the globe’s most prolific ransomware-as-as-service providers, alongside hacker peers LockBit and Clop.

Essentially, RaaS providers write software that allows others to launch ransomware attacks for a share of the ransom.

In September, MGM Resorts operations ground to a halt after an ALPHV attack caused a system-wide outage at its US properties.

Notably, MGM refused to pay the ransom.

As a result, it was at least 10 days before operations returned to relative normalcy. However, a regulatory filing suggests the attack affected the business for weeks.

Around the same time, Caesars quietly disclosed a hacking incident via a mandatory Securities and Exchange Commission (SEC) filing. However, unlike MGM, Caesars opted to pay the hackers $15 million to minimize harm to the business and its customers.

But the MGM and Caesars hacks are just two examples among thousands of recent attacks attributed to Blackcat/ALPHV.

Disruption Just the Beginning: Feds

According to an unsealed warrant, Blackcat/ALPHV actors have compromised thousands of networks in the US and across the globe. Due to the global scale of these financial crimes, several domestic and international law enforcement agencies are investigating.

In addition to casino targets in the US, the disruptions have affected critical infrastructure, including government facilities, manufacturing, healthcare, and emergency services.

The FBI Miami Field Office leads the ongoing investigation on US soil. However, the Justice Department also recognized the “critical cooperation” and “significant assistance” of several local and international partners in the release.

Importantly, those law enforcement efforts will continue, pledged FBI Deputy Director Paul Abbate.

The FBI continues to be unrelenting in bringing cybercriminals to justice and determined in its efforts to defeat and disrupt ransomware campaigns targeting critical infrastructure, the private sector, and beyond.

Helping victims of crime is the FBI’s highest priority and is reflected here in the provision of tools to assist those victimized in decrypting compromised networks and systems. The FBI will continue to aggressively pursue these criminal actors wherever they attempt to hide and ensure they are brought to justice and held accountable under the law.

Nicole M. Argentieri, acting assistant attorney general in the DOJ’s criminal division, added:

At the Justice Department, we prioritize victim safety and security. In this case, agents and prosecutors worked tirelessly to restore victim networks, but these actions are not the culmination of our efforts, they are just the beginning.

Criminal actors should be aware that the announcement today is just one part of this ongoing effort. Going forward, we will continue our investigation and pursue those behind Blackcat until they are brought to justice.

About the Author

Robyn McNeil

Robyn McNeil

Robyn McNeil (she/they) is a Nova Scotia-based writer and editor, and a lead writer at Bonus. Here she focuses on news relevant to online casinos, while specializing in responsible gambling coverage, legislative developments, gambling regulations, and industry-related legal fights.
To Top

Get connected with us on Social Media