Tuesday, June 14, 2022

Ransomware Group Debuts Searchable Victim Data – Krebs on Security


Cybercrime groups focused on stealing company data and demanding a ransom not to publish it have tried numerous approaches to shaming their victims into paying. The latest innovation in ratcheting up the heat comes from the ALPHV/BlackCat ransomware group, which has historically published any stolen victim data on the Dark Web. Today, however, the group began publishing individual victim websites on the public Internet, with the leaked data made available in an easily searchable form.

The ALPHV website claims to care about people’s privacy, but they let anyone view the sensitive stolen data.

ALPHV recently announced on its victim shaming and extortion website that it had hacked a luxury spa and resort in the western United States. Sometime in the last 24 hours, ALPHV published a website with the same victim’s name in the domain, and their logo on the homepage.

The website claims to list the personal information of 1,500 resort employees, and more than 2,500 residents at the facility. At the top of the page are two “Check Yourself” buttons, one for employees, and another for guests.

Brett Callow, a threat analyst with security firm Emsisoft, called the move by ALPHV “a crafty tactic” that will most certainly worry their other victims.

Callow said most of the victim shaming blogs maintained by the major ransomware and data ransom groups exist on obscure, slow-loading sites on the Darknet, reachable only through the use of third-party software like Tor. But the website erected by ALPHV as part of this new pressure tactic is available on the open Internet.

“Companies will likely be more concerned about the prospect of their data being shared in this way than of simply being posted to an obscure Tor site for which barely anyone knows the URL,” Callow said. “It’ll piss people off and make class actions more likely.”

It’s unclear if ALPHV plans to pursue this approach with every victim, but other recent victims of the crime group include a school district and a U.S. city. Most likely, this is a test run to see if it improves results.

“We’re not going to stop, our leak distribution department will do their best to bury your business,” the victim website reads. “At this point, you still have a chance to keep your hotel’s security and reputation. We strongly advise you to be proactive in your negotiations; you don’t have much time.”

Emerging in November 2021, ALPHV is perhaps most notable for its programming language (it’s written in Rust). ALPHV has been actively recruiting operators from several ransomware organizations — including REvil, BlackMatter and DarkSide — offering affiliates up to 90 percent of any ransom paid by a victim organization.

Many security experts believe ALPHV/BlackCat is simply a rebrand of another ransomware group — “Darkside” a.k.a. “BlackMatter,” the same gang responsible for the 2021 attack on Colonial Pipeline that caused fuel shortages and price spikes for several days last summer.

Callow said there may be an upside to this ALPHV innovation, noting that his wife recently heard directly from a different ransomware group — Cl0p.

“On a positive note, stunts like this mean people may actually find out that their PI has been compromised,” he said. “Cl0p emailed my wife last year. The company that lost her data still hasn’t made any public disclosure or notified the people who were impacted (at the very least, she hasn’t heard from the company.)”
