The ALPHV ransomware gang, also known as BlackCat, provides a dedicated website for its victims, where they can check whether their data was stolen in an attack or whether they are just victims of encryption. The gang wants to increase the pressure so that the victim pays.
Most ransomware groups now not only encrypt data in their attacks, but also copy and exfiltrate significant amounts of it. The extortion is thus expanded: if the victim does not pay, the data not only remains encrypted, but the stolen data is also sold or published on the Darknet.
More pressure on the ransomware victims
After a certain time, the attackers also publish parts of the stolen data so that the victims pay faster. At the same time, they send emails to company employees stating that they have this data and intend to publish it after a certain time. All of this is meant to increase the pressure on victims to pay. Apparently, many companies choose not to pay the ransom, since many are able to restore the encrypted data from their own backups.
However, these extortion techniques don't always work, and companies simply choose not to pay, at the risk of leaking their company, employee, or customer information to the public. Because of this, ransomware gangs are constantly evolving their tactics to put additional pressure on victims.
Extortion service for victims
ALPHV, or BlackCat, recently threatened to release data stolen from an Oregon hotel. As part of this attack, the ransomware gang claims to have stolen 112 GB of data, including employee information such as social security numbers, for 1,500 employees. Instead of simply exposing the data on the web or dark web, the ransomware group created a special website where victims can check if their data was stolen during the attack.
In the case of the hotel, almost anyone could see information about hotel guests and their stays, or the personal information of over 1,500 employees. While the guest data contains only names, arrival dates and accommodation costs, the employee data contains extremely sensitive information such as names, social security numbers, dates of birth, telephone numbers and email addresses. The BleepingComputer site offers even more information on ALPHV or BlackCat. A more detailed report on the incident is available in English.