Exit Scam: BlackCat Ransomware Group Vanishes After $22 Million Payout
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner
Seizure concerns the confiscation or disruption of devices, systems, or data, with implications for digital evidence, service access, and incident response.
Search across headline titles and summaries.
Background for this topic.
Seizure is the lawful taking or securing of devices, servers, domain names, accounts, cryptocurrency, or stored digital data by an authorized authority for an investigation or legal proceeding. In information-security reporting, the term usually concerns the acquisition of digital infrastructure or evidence, not a seizure-related medical event. Authorities may take physical equipment, redirect or disable online services, or obtain data from a provider under applicable legal process.
The security challenge is preserving evidence without changing it: investigators may document the chain of custody, isolate systems, and use forensic copies while protecting originals from alteration. Live systems can contain volatile evidence, while encryption, remote access, cloud tenancy, and deleted data complicate collection. Seized infrastructure may also contain unrelated customer or employee information, creating privacy and access-control obligations. For defenders, a seizure can interrupt services and signal an investigation; maintaining accurate asset ownership records, logs, backups, and documented legal or incident-response contacts helps establish what systems and data are affected.
The threat actors behind the BlackCat ransomware have shut down their darknet website and likely pulled an exit scam after uploading a bogus law enforcement seizure banner
Affiliate Claims Administrators Kept All $22 Million Paid by Change HealthcareThe administrators of the BlackCat ransomware-as-a-service group claim law enforcement has shut down their operation. But experts and affiliates accuse the group's leadership of running an exit scam on the heels of a $22 million ransom payment by a recent victim - Optum's Change Healthcare unit.