Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



US Offers $10 Million for Information on BlackCat Ransomware Leaders

The US announces a $10 million reward for information on key members of the Alphv/BlackCat ransomware group.

Two months after taking down the Alphv/BlackCat ransomware operation, the US announced a $10 million reward for information on the cybergang’s key members.

Operating since late 2021 under the ransomware-as-a-service business model, BlackCat has made over 1,000 victims worldwide, including organizations such as MGM Resorts, NCR, Reddit, Swissport, and Western Digital.

In early December 2023, the group’s Tor-based website went offline following a presumed law enforcement takedown that was officially confirmed roughly two weeks later, when the FBI also released a free decryption tool for the ransomware’s victims.

The takedown was possible after the FBI obtained credentials providing access to the panels the group’s members were using for communication.

In response, the cybergang briefly “unseized” its domain and announced lifting all restrictions imposed on affiliates, allowing them to target any type of organization in any country.

The group also claimed that the decryption tool was only good for roughly 400 organizations, but that more than 3,000 other victims would never recover their data.

According to the FBI, the decryption tool has helped dozens of victims restore their systems, saving them from paying up approximately $99 million in ransom demands.

Now, the US is offering a reward of up to $10 million for information that would help law enforcement identify or locate the BlackCat group leaders, and up to $5 million for information leading to the arrest or conviction of any group affiliate.

Advertisement. Scroll to continue reading.

The US has set up a tip line that can be accessed using the Tor browser, and encourages interested parties to provide information using that portal, via local FBI offices, or via US embassies.

Last week, the US announced a $10 million reward for information on the leaders of the Hive ransomware, which was disrupted in January 2023.

Related: Ransomware Attack Knocks 100 Romanian Hospitals Offline

Related: Ransomware Payments Surpassed $1 Billion in 2023: Analysis

Related: The Ransomware Threat in 2024 is Growing: Report

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

More People On The Move

Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.


Johnson Controls has confirmed being hit by a disruptive cyberattack, with a ransomware group claiming to have stolen 27Tb of information from the company.