A dark web leak site operated by the notorious ransomware group ALPHV/BlackCat was taken offline on December 7. An ALPHV server admin said that repairs are underway but didn’t share any details.
Tech news site BleepingComputer reported that “unique Tor negotiation URLs shared with victims in ransom notes are also down, indicating a disruption to the ransomware gang's public-facing infrastructure and a halt to ongoing negotiations.”
When asked, ALPHV administrators told VX Underground security researchers that they are having problems with their hosting provider. Soon after, the ALPHV qTox account status was changed from “repair” to the message “Everything will work soon.” However, the admins did not reveal how long the site is expected to be down.
While the exact cause of the issue is currently unknown, it is suspected that law enforcement may be behind the outage.
Intelligence company RedSense Intelligence has posted on X (formerly Twitter) that it “can confirm that ALPHV aka BlackCat ransomware gang’s site has been taken down by law enforcement.” However, there’s no concrete evidence that the gang’s site was taken down by police.