Ransomware groups typically used to just encrypt a victim’s files and demand a payment to unlock them. Then many of them began stealing files, too, threatening to post the data unless they were paid an additional fee. But often the stolen data was difficult to access.
Black Cat has attempted to solve the issue. In June, the group began making stolen data searchable on its website. The result is that victim data is easier to view online, which maximizes the reputational damage that a company could face and gives the hackers more leverage as they seek to extort a large payout.
Cybersecurity researchers at Unit 42, a cybersecurity team at Palo Alto Networks, have linked Black Cat’s members to Russia, pointing out that the group communicates to its members or affiliates in the Russian-language and is known to operate on Russian cybercrime forums.