{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/93c3d7d2-48cd-48e4-ac73-0e603949ab39","name":"Title: Major Ransomware Developments – April 5–12, 2026**","text":"## Key Findings\n- Title: Major Ransomware Developments – April 5–12, 2026**\n- 1. LockBit3.0 Infrastructure Seized in Global Operation (April 8–9, 2026)**\n- In a coordinated operation involving the FBI, Europol, the UK’s National Crime Agency (NCA), and law enforcement agencies from 12 countries, critical infrastructure used by the LockBit ransomware-as-a-service (RaaS) network was seized. Over 40 servers, including backup and decryption systems, were taken offline. The operation disrupted LockBit’s ability to orchestrate new attacks and temporarily disabled its data leak site. Authorities also obtained decryption keys for more than 600 victims affected in 2025–2026. This marks the most extensive takedown of LockBit since the 2024 disruption.\n- Source: [Europol – Operation Disrupt LockBit 2026](https://www.europol.europa.eu/newsroom/news/coordinated-global-operation-shuts-down-lockbit-ransomware-infrastructure)*\n- Source: [FBI Advisory – April 9, 2026](https://www.fbi.gov/news/press-releases/fbi-announces-global-takedown-of-lockbit-ransomware-network)*\n\n## Analysis\n**2. ALPHV/BlackCat Resurfaces with New Encryption Variant (April 7, 2026)**\n\nAfter months of reduced activity following the December 2025 U.S. Department of Justice takedown, ALPHV (BlackCat) re-emerged with a new Rust-based encryption module dubbed \"ALPHV-NG.\" The group targeted three healthcare providers in the U.S. and one in Germany, encrypting over 1.2 petabytes of data. The attacks leveraged compromised Citrix NetScaler devices, exploiting a zero-day vulnerability (CVE-2026-24855) disclosed on April 5 by Rapid7. No ransom amount has been publicly confirmed, but initial demands are estimated between $8 million and $12 million.\n\n*Source: [CISA Alert AA26-097A – April 10, 2026](https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a)*\n\n## Sources\n- https://www.europol.europa.eu/newsroom/news/coordinated-global-operation-shuts-down-lockbit-ransomware-infrastructure\n- https://www.fbi.gov/news","keywords":["dynamic:ransomware-campaigns","zo-research","zero-day","ransomware"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}