TLDR:
- The BlackCat ransomware gang pulled an exit scam on its affiliates as it disbanded.
- The gang left its affiliates without payment and became unresponsive, leading to complaints on dark web forums.

In a bold move, the BlackCat ransomware gang recently pulled an exit scam on its affiliates as it disbanded, leaving them empty-handed and frustrated. The move followed a December takedown of the gang’s data leak site by international law enforcement. The gang continued operating in January and February, and the exit scam began in March, with affiliates complaining that they had not received their cut and that their accounts had been closed abruptly.
The group, known for high-profile attacks like the shutdown of MGM’s casino-hotels and the recent attack on Change Healthcare, has a history of dissolving and rebranding under new names. With the recent exit scam, BlackCat’s reputation may be tarnished, and its leadership faces challenges in trading on its former name. Security researchers have noted oddities in the code of the fake law enforcement seizure notice on the gang’s site, indicating that the notice was fabricated to facilitate the exit scam.
Cybersecurity experts warn that the group’s ransomware will likely remain in circulation, posing ongoing threats to organizations. The sale of the source code could potentially expose weaknesses that allow data to be decrypted, but the chances are slim. The incident serves as a cautionary tale about dealing with criminals, even for other criminals, and underscores the importance of having robust backups and a strong security program.
The future remains unclear for BlackCat, but the pattern of dissolution and rebranding seems likely to continue, as with many ransomware gangs in the past. The cybercrime world is closely watching the aftermath of BlackCat’s exit scam, as the group’s actions have raised questions about its motives and potential future activities.