Ransomware gang cloned victim’s website to leak stolen data


The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim's site to publish stolen data on it.


ALPHV, also known as BlackCat ransomware, is known for testing new extortion tactics as a way to pressure and shame its victims into paying.


While these tactics may not be successful, they add to an ever-expanding threat landscape that victims need to navigate.


Hackers make stolen data easier to get


On December 26, the threat actor announced on their data leak site, hidden on the Tor network, that they had compromised a company in financial services.


As the victim did not meet the threat actor’s demands, BlackCat published all the stolen files as a penalty - a standard step for ransomware operators.


As a deviation from the usual process, the hackers decided to also leak the data on a site that mimics the victim's in both appearance and domain name.



ALPHV ransomware impersonates victim site to leak stolen data (source: BleepingComputer)

The hackers did not keep the original headings of the site. They used their own headings to organize the leaked data.


The cloned site is on the clear web to ensure the wide availability of the stolen files. It currently shows various documents, from memos to staff, payment forms, employee info, data on assets and expenses, financial data for partners, and passport scans.



ALPHV ransomware publishes stolen data on site impersonating the victim (source: BleepingComputer)

In total, there are 3.5GB of documents. ALPHV ..
