The Ransomware gang aka BlackCat has levelled up their blackmailing scheme by creating a website to allow their victims to check if their data was stolen in an attack.
Ransomware gang performs the attack in which they steal data of companies, employees, etc.
After which, the threat actors code the devices.
Later, the threat actors demand for a ransom payment for using the data in a double extortion scheme to deliver a decryptor and stop the public release of corporate data.
The hacking group have developed a website where they release the data in a portion of stolen data after warning them that their information is been stolen.
To keep pressure on their victims, they took this step but it hardly has any burden on corporate companies, employees and their victims.
Taking extortion to another level –
Today, Ransomware started releasing stolen data that they collected from a hotel and spa in Oregon.
However, the gang claimed of claiming 112GB of data including 1,500 employees’ information such as their social security numbers.
Moreover, the gang allowed the employees and their victims to check if their data information was stolen during the attack on the hotel.
The users of this website can view information about hotel guests, and their personal details including the personal details of over 150 employees.
Even the most sensitive data of hotel guests is been released.
Additionally, the data is hosted on the website on the Public Internet, and it can expose information by mentioning specifically for the results.
Will the innovation work or stop?
The focus of creating this site is to threaten employees, and hotel guests by gaining ransomware amount and removing their data from the web.
Brett Callow, an Emisosft security analyst who also established this extortion, shared with BleepingComputer that while the tactic is innovative, it is too early to tell if it will pay off.
‘Alphv (Ransomware) is no doubt hoping that this tactic will increase the probability of them monetizing attacks.
If companies know that information relating to their customers and employees will be made public in this manner, they may be more inclined to pay the demand to prevent it from happening – and to avoid potentially being hit with class-action lawsuits, Callow mentioned.
He added, ‘While it’s an innovative approach, it remains to be seen whether the strategy will be successful – and, of course, that will determine whether it becomes more commonplace.
However, developing this site was a real time-consuming task, and the results are awaited for the efforts to be paid off.
