BlackCat/ALPHV Clones Victim’s Website to Post Stolen Data

The ALPHV/BlackCat ransomware group added a new extortion technique that includes creating a copy of the victim's site to post stolen data on it.

The new extortion tactic

The ALPHV ransomware group published the name of a financial services firm as its victim on its data leak site. The group allegedly stole 3.5 GB of data and shared it on a file-sharing service. However, the first extortion attempt failed. 
  • To put further pressure on the victim, the attackers mimicked the victim's website and posted the pilfered data on it.
  • The attackers removed the original headings and added their own to organize the leaked data. The replicated site is on the clear web to ensure the wide availability of the stolen files.
  • The replicated site shows numerous documents, payment forms, memos to staff, employee details, data on assets/expenses, passport scans, and financial data for partners.

Shaping of the new tactic

An expert claimed that this new extortion tactic could be the beginning of a new trend that other ransomware groups may also adopt.
  • Sharing data on a typosquatting domain is a bigger concern to a victim firm than sharing data via a website on the Tor network, as it gives the leaked data much wider exposure.
  • The stolen data gets exposed on the internet without any restriction, and victims won’t want their customers to view the leaked data.

Besides, ALPHV/BlackCat is the first group to create a search option for specific data stolen from victims.
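
A defender-side check for the lookalike-domain exposure described above, as an added example that is not part of the original article: it scores newly observed domain names (for instance from certificate transparency or new-registration feeds) against the organization's own domain. All domain names are constructed, and the helper names, the confusables map and the distance threshold are assumptions.

```python
import unicodedata

# Assumed, deliberately small digit-for-letter map; extend it for your own brand.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

# Constructed sample feed (reserved .example/.test names only).
OBSERVED = ["northfield.example", "www.northfield.example", "northfie1d.example",
            "nrothfield.example", "northfield.test", "northfield-files.example",
            "weather-report.example"]

def brand_label(domain):
    # Assumption: single-label TLDs; use a public suffix list in production.
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def normalize(label):
    # Fold compatibility forms, undo digit swaps, drop hyphens.
    # Punycode (xn--) labels and cross-script homoglyphs are not handled here.
    return unicodedata.normalize("NFKC", label).translate(CONFUSABLES).replace("-", "")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def find_lookalikes(own_domain, observed, max_dist=2):
    """Return (domain, reason) for names that resemble own_domain."""
    own = own_domain.lower().rstrip(".")
    brand = normalize(brand_label(own))
    hits = []
    for dom in (d.lower().rstrip(".") for d in observed):
        if dom == own or dom.endswith("." + own):
            continue  # the organization's own domain and its subdomains
        cand = normalize(brand_label(dom))
        dist = osa_distance(brand, cand)
        if dist <= max_dist:
            hits.append((dom, f"edit distance {dist}"))
        elif brand in cand:
            hits.append((dom, "contains brand label"))
    return hits
```

Flagged names are candidates for review and takedown requests, not verdicts; short brand labels need a lower threshold to keep false positives manageable.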

Conclusion

Cybercriminals keep coming up with new tactics to extort victims. Organizations are advised to deploy anti-ransomware measures and invest substantially in the overall security of their networks.
Cyware Publisher
