Ransomware gang creates site for employees to search for their stolen data


Level 37
Thread author
Top Poster
Feb 4, 2016
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack.

When ransomware gangs conduct attacks, they quietly steal corporate data. After harvesting everything of value, the threat actor starts to encrypt devices.
The stolen data is then used in double-extortion schemes, where the hackers demand a ransom payment to deliver a decryptor and prevent the public release of corporate data.

To pressure victims into paying, ransomware gangs create data leak sites where they slowly release portions of the stolen data or email customers and employees warning them that their info was stolen.


Level 29
Top Poster
Sep 13, 2018
Ransomware groups typically used to just encrypt a victim’s files and demand a payment to unlock them. Then many of them began stealing files, too, threatening to post the data unless they were paid an additional fee. But often the stolen data was difficult to access.

Black Cat has attempted to solve the issue. In June, the group began making stolen data searchable on its website. The result is that victim data is easier to view online, which maximizes the reputational damage that a company could face and gives the hackers more leverage as they seek to extort a large payout.

Cybersecurity researchers at Unit 42, a cybersecurity team at Palo Alto Networks, have linked Black Cat’s members to Russia, pointing out that the group communicates to its members or affiliates in the Russian language and is known to operate on Russian cybercrime forums.

Builds on an archived post here. If moderators would like to merge this post with the archived one, that would be great--@upnorth . (y)

Original source

Edited to fix Twitter link (orig. post had been deleted)


Staff Member
Malware Hunter
Jul 27, 2015
If moderators would like to merge this post with the archived one, that would be great--@upnorth . (y)
fortune teller wish GIF
