Go to listing page

BlackCat Launches Dedicated Site for Victims to Search Their Stolen Data

BlackCat Launches Dedicated Site for Victims to Search Their Stolen Data
Ransomware groups are further innovating to pressurize their victims into paying the ransom. The BlackCat gang (aka AlphV) has now created a dedicated website for its customers and victims. The dedicated site allows them to check if their data was stolen in an attack.

A new tactic to put pressure

During a recent attack, the BlackCat ransomware group started releasing data allegedly stolen from a hotel and spa in Oregon. Subsequently, the group created a dedicated website for victims’ customers and employees to check if their data was stolen.
  • The group claims to have stolen 112 GB of data, including Social Security numbers, from 1,500 employees, which is available for search on a new website.
  • Using this site, employees and customers can see details about hotel guests and stays or the personal data of 1,534 employees.

About the website

  • The website is hosted on the public internet and the information is, thus, indexable by search engines, making it easily accessible to everyone via a simple search.
  • While the customer’s details include name, stay duration, and cost, the employee data includes SSNs, personal contact details, and other sensitive information.
  • The attackers even created data packs for each employee, including files related to that person's employment at the hotel, making them easily searchable on the internet.

Why this tactic?

The goal behind creating the site is to scare employees and guests into pressuring the hotel to remove their data from the web. It becomes a matter of reputation for hotels to pay the ransom to remove the leaked data quickly.

About BlackCat ransomware

BlackCat is believed to be a rebrand of the DarkSide ransomware responsible for the attack on Colonial Pipeline. This ransomware group has always been regarded as one of the top-tier ransomware operations
  • Recently, BlackCat affiliates were observed targeting Exchange servers using exploits for unpatched vulnerabilities.
  • A month ago, the FBI issued an alert with updated details of Indicators of Compromise (IoCs) used by the ransomware.


BlackCat is expecting that this tactic of having a dedicated website will increase the probability of its monetizing attacks. Thus, organizations are suggested to implement robust security layers to protect their data with strong encryption. Along with this, implementing proper access control and deploying reliable anti-malware can help.
Cyware Publisher