Ransomware gang cloned victim's website to leak stolen data


The ALPHV ransomware operators have gotten creative with their extortion tactics and, in at least one case, created a replica of the victim's website to publish stolen data on it.

It appears that ALPHV, also known as BlackCat ransomware, is known for testing new extortion techniques as a way to pressure and shame their victims into paying.

While these techniques may not be successful, they introduce an ever-expanding threat landscape that victims have to navigate.

Hackers make stolen data easier to get

On December 26, the threat actor published on their data leak site, hidden on the Tor network, that they had compromised a company in financial services.

Because the victim did not meet the threat actor's demands, BlackCat published all of the stolen files as a penalty – a standard step for ransomware operators.

As a deviation from the usual process, the hackers decided to also leak the data on a site that mimics the victim's as far as the appearance and the domain name go.

Image: ALPHV ransomware impersonates the victim's website (with modified headings) to leak stolen data. Source: BleepingComputer

The hackers did not keep the original headings of the site; they used their own headings to organize the leaked data.

The cloned site is on the clear web to ensure the wide availability of the stolen files. It currently shows various documents, from memos to staff, payment forms, and employee information, to data on assets and expenses, financial data for partners, and passport scans.

Image: ALPHV ransomware publishes stolen data on a website impersonating the victim. Source: BleepingComputer

In total, there are 3.5GB of documents. ALPHV also shared the stolen data on a file-sharing service that allows anonymous uploading and distributed the link on its leak site.

New trend forming

Brett Callow, threat analyst at cybersecurity company Emsisoft, said that sharing the data on a typosquatted domain would be a bigger concern to the victim company than distributing the data through a website on the Tor network, which is known mainly to the infosec community.

“I wouldn't be at all surprised if Alphv had tried to weaponize the firm's clients by pointing them to that website” – Brett Callow

This tactic could signify the beginning of a new trend that may be adopted by other ransomware gangs, especially since the costs to do it are far from significant.

Ransomware operations have always looked for new options to extort their victims: publishing the name of the breached company, stealing data and threatening to publish it unless the ransom is paid, and the threat of DDoS attacks. Cloning the victim's site is the latest addition to that list.

It is unclear at the moment how successful this stratagem is, but it exposes the breach to a larger audience, putting the victim in a more delicate position as its data is readily available without any restriction.

ALPHV is the first ransomware gang to create a search function for specific data stolen from their victims. The pages are meant for the victims' customers and employees to check whether their data was stolen by the hackers.