Cybercriminals Stole Data by Spoofing Victim's Webpage

BlackCat publicized all the obtained files as punishment because the victim did not comply with their demands.
The BlackCat ransomware group is experimenting with a new method of pressuring victims into paying an extortion demand: building a fake website on the open internet that displays the personal information that was stolen from the victim.

ALPHV, commonly known as BlackCat ransomware, is notorious for experimenting with unique forms of extortion in an effort to coerce and shame its victims into making a payment. All of the information appears to be accessible on the fake website, which redirects to a domain name that is slightly misspelled compared to the domain of the consulting business.

Hackers Infiltrate a Firm

On December 26, the malicious actors disclosed on their data leak website, which was concealed on the Tor network, that they had infiltrated a financial services company.

Because the victim did not comply with the threat actor's demands, BlackCat publicized all the obtained files as punishment, which is a common practice for ransomware operators. Instead of following the typical procedure, however, the hackers chose to publish the data on a website that closely resembles the victim's in terms of both design and domain name.

A variety of materials are located on the cloned website, including payment forms, asset and expense information, employment information, notes to staff, financial information for partners, and passport scans. A file-sharing service was also used to distribute the 3.5GB of documents.

According to Brett Callow, a threat researcher at the security firm Emsisoft, publishing data on a typosquatting site might cause the target company more concern than disseminating it via a webpage on the Tor network, which is primarily used by the infosec community.

This approach might signify the beginning of a new trend that other ransomware gangs may embrace, particularly since the costs to execute it are negligible. It includes disclosing the identity of the infiltrated firm, taking data, and threatening to disclose it unless a ransom is paid, as well as the DDoS threat.

