Six days earlier than Christmas, the US Department of Justice loudly announced a win within the ongoing battle in opposition to the scourge of ransomware: An FBI-led, worldwide operation had focused the infamous hacking group referred to as BlackCat or AlphV, releasing decryption keys to foil its ransom makes an attempt in opposition to a whole lot of victims and seizing the darkish internet sites it had used to threaten and extort them. “In disrupting the BlackCat ransomware group, the Justice Department has once again hacked the hackers,” deputy lawyer basic Lisa Monaco declared in a statement.

Two months and one week later, nevertheless, these hackers do not seem significantly “disrupted.” For the final seven days and counting, BlackCat has held hostage the medical agency Change Healthcare, crippling its software program in hospitals and pharmacies throughout the United States, resulting in delays in drug prescriptions for an untold variety of sufferers.

The ongoing outage at Change Healthcare, first reported to be a BlackCat assault by Reuters, represents a very grim incident within the ransomware epidemic not simply resulting from its severity, its size, and the potential toll on victims’ well being. Ransomware-tracking analysts say it additionally illustrates how even legislation enforcement’s wins in opposition to ransomware teams seem like more and more short-lived, because the hackers that legislation enforcement goal in rigorously coordinated busts merely rebuild and restart their assaults with impunity.

“Because we can’t arrest the core operators that are in Russia or in areas that are uncooperative with law enforcement, we can’t stop them,” says Allan Liska, a ransomware-focused researcher for cybersecurity agency Recorded Future. Instead, Liska says, legislation enforcement usually has needed to accept spending months or years arranging takedowns that focus on infrastructure or support victims, however with out laying arms on the assaults’ perpetrators. “The threat actors just need to regroup, get drunk for a weekend, and then start right back up,” Liska says.

In one other, more moderen bust, the UK’s National Crime Agency final week led a broad takedown effort in opposition to the infamous Lockbit ransomware group, hijacking its infrastructure, seizing lots of its cryptocurrency wallets, taking down its darkish internet sites, and even acquiring details about its operators and companions. Yet lower than every week later, Lockbit has already launched a recent darkish site the place it continues to extort its victims, displaying countdown timers for each that point out the remaining days or hours earlier than it dumps their stolen knowledge on-line.

None of which means legislation enforcement’s BlackCat or Lockbit operations have not had some impact. BlackCat listed 28 victims on its darkish site for February up to now, a big drop from the 60-plus Recorded Future counted on its web site in December previous to the FBI’s takedown. (Change Healthcare is not at the moment listed amongst BlackCat’s present victims on its web site, although the hackers reportedly took credit for the attack, in keeping with ransomware-tracking web site Breaches.internet. Change Healthcare additionally did not reply to WIRED’s request for touch upon the cyberattack.)

Lockbit, for its half, could also be hiding the extent of its disruption behind the bluster of its new leak web site, argues Brett Callow, a ransomware analyst at safety agency Emsisoft. He says that the group is probably going downplaying final week’s bust partially to keep away from dropping the belief of its affiliate companions, the hackers who penetrate sufferer networks on Lockbit’s behalf and could be spooked by the likelihood that Lockbit has been compromised by legislation enforcement.