Ransomware operators have created a fake copy of a victim's website and used it to post sensitive content stolen in the ransomware attack.
This approach is a novel one, and some security researchers believe it is a way to weaponize the victim's own customers.
The threat actor known as ALPHV (also known as BlackCat) recently carried out a successful ransomware attack on a financial services company, stealing 3.5GB of sensitive files, including employee memos, payment forms, employee data, asset and expense records, financial data, partner information, passport scans and more.
A look-alike domain name
Threats to leak the data publicly apparently did not work: the victim company seemingly decided not to pay the ransom demand.
Ransomware operators usually leak stolen data on the dark web, where it is seen mostly by other criminals and security researchers. This time, ALPHV instead created a website on a misspelled look-alike domain that looked and felt almost identical to the victim's legitimate website.
Speaking to BleepingComputer, Brett Callow, a threat analyst at Emsisoft, said that leaking data on a misspelled look-alike domain could be a more damaging method: "I wouldn't be surprised at all if Alphv tried to weaponize the company's customers by pointing them to the site."
We'll have to wait and see how this approach plays out, but it's safe to say that if it works, we'll see more phishing sites leaking sensitive corporate data.
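As an added example (not code from the article), a defender-side check for look-alike domains of the kind described above: it normalises common homoglyph substitutions and flags candidate domains whose registrable label is within a small edit distance of, or contains, the organisation's own label. The candidate list is constructed here, and `example.com` stands in for the real domain; in practice the candidates would come from certificate-transparency or registrar feeds.

```python
# Added example: flag newly observed domains that imitate the organisation's domain.
# The candidate list below is constructed sample data; example.com is a placeholder.

# Common visual substitutions seen in look-alike domains (assumed, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w", "cl": "d"}


def normalize(label: str) -> str:
    """Lower-case a label and undo homoglyph substitutions so 'examp1e' == 'example'."""
    s = label.lower()
    for bad, good in HOMOGLYPHS.items():
        s = s.replace(bad, good)
    return s


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert/delete/substitute), used to catch small typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label of a simple two-part domain (no public-suffix handling)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def lookalikes(brand_domain: str, candidates: list[str], max_distance: int = 2) -> list[tuple[str, int]]:
    """Return (candidate, distance) for domains that resemble brand_domain."""
    brand = normalize(registrable_label(brand_domain))
    hits = []
    for cand in candidates:
        if cand.lower() == brand_domain.lower():
            continue  # the organisation's own domain is not a hit
        label = normalize(registrable_label(cand))
        dist = levenshtein(brand, label)
        if dist <= max_distance or brand in label:
            hits.append((cand, dist))
    return hits


# Constructed sample feed: two homoglyph variants, a transposition, a brand-in-label case, one unrelated.
SAMPLE_FEED = ["example.com", "examp1e.com", "exarnple.com", "example-support.com", "unrelated.org", "exampel.net"]

if __name__ == "__main__":
    for domain, dist in lookalikes("example.com", SAMPLE_FEED):
        print(f"ALERT look-alike domain: {domain} (edit distance after normalisation: {dist})")
```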
Ransomware is an ever-evolving threat. At first, attackers would simply encrypt all files on the target endpoint and demand payment in Bitcoin.
As businesses began deploying backups, criminals started stealing sensitive data and threatening to leak it online. In some cases, this was backed by Distributed Denial of Service (DDoS) attacks that disrupted the victim's front end, as well as intimidation and pressure via phone calls and emails.
Via: BleepingComputer