Ransomware gang creates site for employees to search for their stolen data

LASER_oneXM · Jun 15, 2022

The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack

When ransomware gangs conduct attacks, they quietly steal corporate data. After harvesting everything of value, the threat actor starts to encrypt devices.
The stolen data is then used in double-extortion schemes, where the hackers demand a ransom payment to deliver a decryptor and prevent the public release of corporate data.

To pressure victims into paying, ransomware gangs create data leak sites where they slowly release portions of the stolen data or email customers and employees warning them that their info was stolen.

plat · Aug 17, 2022

Ransomware groups typically used to just encrypt a victim’s files and demand a payment to unlock them. Then many of them began stealing files, too, threatening to post the data unless they were paid an additional fee. But often the stolen data was difficult to access.

Black Cat has attempted to solve the issue. In June, the group began making stolen data searchable on its website. The result is that victim data is easier to view online, which maximizes the reputational damage that a company could face and gives the hackers more leverage as they seek to extort a large payout.

Cybersecurity researchers at Unit 42, a cybersecurity team at Palo Alto Networks, have linked Black Cat’s members to Russia, pointing out that the group communicates to its members or affiliates in the Russian-language and is known to operate on Russian cybercrime forums.