This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure.
The Alphv/BlackCat gang seems to be gone for good – at least in its current form – after an apparent exit scam conducted against its affiliates.
BlackCat is a prolific ransomware-as-a-service threat actor that has received millions of dollars in extortion payments and taken credit for a number of high-profile attacks, such as the recent one against healthcare payment software provider Change Healthcare as well as last year’s attack against MGM Resorts.
In December, the FBI led an international takedown against the gang that included the seizure of the gang’s data leak website as well as the development of a ransomware decryption tool, but BlackCat came back quickly. Over the following months, the group attacked dozens of organizations including a large number in the healthcare sector.
The story of the gang evolved further this month as in early March Wired reported on a $22 million Bitcoin transaction made to BlackCat on March 1. On March 3, an alleged affiliate of BlackCat posted a message to dark web forum Ramp stating that they were responsible for the attack on Change Healthcare, that the company paid a $22 million extortion payment to BlackCat and that gang administrators were unresponsive to the affiliate’s request for payment.
Between this, the sudden closure of affiliate accounts the next day, an attempted sale of BlackCat source code for $5 million and a law enforcement seizure notice on the gang’s data leak site that is suspected to have been falsified, security experts believe BlackCat conducted an exit scam against its affiliates. In other words, the gang apparently decided to take the money and run.
The fallout of BlackCat’s exit raises many questions about the operators’ motivations and strategy. On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss the chaotic exit of the notorious ransomware gang and what it could mean for the threat landscape.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.