Global Crackdown on Cybercrime Cripples ALPHV Ransomware and ‘Kingdom Market’

International Cooperation Shuts Down Illegal Marketplace Kingdom Market

The Frankfurt General Prosecutor’s Office and the BKA, the German Federal Criminal Police, have shut down the “Kingdom Market,” an illicit darknet marketplace. The operation consisted of an international effort and included the seizure of servers across multiple countries. It targeted the English-speaking platform operational since March 2021. The platform primarily traded illegal drugs, but also offered malware, criminal services, and fake documents.

The site listed over 42,000 products, with 3,600 from Germany, and had numerous customer and seller accounts. Transactions were made using cryptocurrencies, with the operators taking a 3% commission. The marketplace’s operators are accused of illegal drug trafficking and running a commercial criminal trading platform. The operation involved collaboration with law enforcement from the USA, Switzerland, Moldova, and Ukraine.

FBI Proudly Announces We “Hacked the Hackers”

In another concerted effort, the United States Justice Department has just delivered a blow to the Blackcat ransomware group (which also goes by ALPHV or Noberus). The group has affected over 1,000 victims globally, which has included critical infrastructure in the United States. ALPHV/Blackcat, operational for 18 months, is the world’s second most prolific ransomware-as-a-service variant, causing hundreds of millions of dollars in damage. The FBI developed a decryption tool, helping over 500 victims worldwide restore their systems, saving them from approximately US$68 million (AU$100 million) in ransom demands. The FBI also gained insight into Blackcat’s network and seized their websites.

In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers. With a decryption tool provided by the FBI to hundreds of ransomware victims worldwide, businesses and schools were able to reopen, and health care and emergency services were able to come back online. We will continue to prioritise disruptions and place victims at the centre of our strategy to dismantle the ecosystem fueling cybercrime.

Lisa O. Monaco, Deputy Attorney General

The group’s ransomware attacks managed to impact government facilities, emergency services, defence, manufacturing, healthcare, corporations, and schools globally. The department said Blackcat uses a “ransomware-as-a-service model,” where developers create ransomware and maintain infrastructure, while affiliates attack victims. They also employ a multiple extortion model, stealing data before demanding ransoms for decryption and non-disclosure. The case was a multi-agency, multi-country effort against these nefarious actors.

“Today’s announcement highlights the Justice Department’s ability to take on even the most sophisticated and prolific cybercriminals. As a result of our office’s tireless efforts, alongside FBI Miami, U.S. Secret Service, and our foreign law enforcement partners, we have provided Blackcat’s victims, in the Southern District of Florida and around the world, the opportunity to get back on their feet and to fortify their digital defences. We will continue to focus on holding the people behind the Blackcat ransomware group accountable for their crimes.”

Markenzy Lapointe, U.S. Attorney for the Southern District of Florida