The BlackCat ransomware group faced repercussions following a law enforcement operation targeting its activities, leading to the seizure of its Tor-based leak website and disruption of its operations. Initially claiming a hardware failure, the hackers regained control and set up a new site, restricting attacks only to CIS countries while threatening sectors like hospitals. They downplayed the impact of the operation, revealing authorities’ limited access to data and prompting a halt on ransom discounts. Law enforcement gained access to affiliate panels, potentially driving affiliates away, prompting BlackCat to offer incentives to retain them. Experts anticipate a shift to other ransomware-as-a-service operations, with LockBit even inviting collaboration with BlackCat developers. The US government has announced a reward of up to $10 million for information on BlackCat and its affiliates.