Ransomware Group launches searchable victim data – Krebs on Security

Cybercrime groups that specialize in stealing corporate data and demanding a ransom not to publish it have tried countless approaches to shame their victims into paying. The latest innovation in turning up the heat comes from the ALPHV/BlackCat ransomware group, which has traditionally published all stolen victim data on the Dark Web. Today, however, the group began publishing individual victim sites on the public Internet, with the leaked data available in an easily searchable form.

The ALPHV site claims to care about people’s privacy, but it lets anyone see the sensitive stolen data.

ALPHV recently announced on its victim shaming and extortion website that it had hacked a luxury spa and resort in the western United States. Sometime in the last 24 hours, ALPHV published a website with the same victim’s name in the domain and their logo on the site.

The website claims to list the personal information of 1,500 resort employees and more than 2,500 residents at the facility. At the top of the page there are two “Check yourself” buttons, one for employees and another for guests.

Brett Callow, a threat analyst with security firm Emsisoft, called ALPHV’s move “a cunning tactic” that will surely worry their other victims.

Callow said that most of the victim-shaming blogs maintained by the large ransomware groups exist on obscure, slow-loading sites on the Darknet, reachable only with third-party software such as Tor. But the website created by ALPHV as part of this new pressure tactic is available on the open Internet.

“Businesses are likely to be more concerned about the possibility of their data being shared in this way than just being posted on an obscure Tor website that hardly anyone knows the URL of,” Callow said. “It will irritate people and make class actions more likely.”

It is unclear whether ALPHV plans to follow this approach with each victim, but other recent victims of the crime group include a school district and an American city. Most likely this is a test run to see if it improves the results.

“We will not stop, our leak distribution department will do its best to bury your business,” the victim’s website said. “At this point, you still have a chance to keep the hotel’s security and reputation. We strongly recommend that you be proactive in your negotiations; you do not have much time.”

ALPHV, which appeared in November 2021, is perhaps best known for its programming language (it is written in Rust). ALPHV has actively recruited operators from several ransom organizations – including REvil, BlackMatter and DarkSide – and offers affiliates up to 90 percent of ransoms paid by a victim organization.

Many security experts believe ALPHV/BlackCat is simply a rebrand of another ransomware group, “DarkSide” aka “BlackMatter”, the same gang that was responsible for the 2021 attack on the Colonial Pipeline that caused fuel shortages and price increases for several days last summer.

Callow said there may be an upside to this ALPHV innovation, noting that his wife recently heard directly from another ransomware group – Cl0p.

“Positively, stunts like this mean that people can actually find out that their PI has been compromised,” he said. “Cl0p sent an email to my wife last year. The company that lost her data has still not published or notified the people who were affected (at least she has not heard from the company).”
