A ransomware operator created a fake website of one of its victims and used it to publish sensitive content stolen in a ransomware attack.
The approach is a first, and some security researchers believe it is a way to weaponize the victim’s clients.
Threat actors known as ALPHV (aka BlackCat) recently launched a successful ransomware attack on a financial services company and made off with 3.5 GB of sensitive documents, including employee memos, payment forms, employee data, assets and expenses, financial data for partners, passport scans and the like.
Typosquatted domains
The threats to release the data apparently didn’t work on the victim company, which apparently chose not to pay the ransom demand.
Ransomware operators typically expose stolen data on the dark web, where it is mainly available to other criminals and security researchers. This time, ALPHV created a website on a typosquatted domain that looks and feels almost identical to the victim’s legitimate website.
Speaking to BleepingComputer, Emsisoft threat analyst Brett Callow said that leaking the data via a typosquatted domain might be a more malicious approach: “I wouldn’t be at all surprised if Alphv tried to arm the company’s customers by pointing them to this website,” Callow said.
We’ll have to wait and see what the results of this approach will be, but it’s safe to assume that if it’s successful, we’ll see many more typosquatted websites exposing sensitive company data.
Ransomware is a constantly evolving threat. At first, attackers would simply encrypt all files on the target endpoints and demand payment in Bitcoin.
As companies started keeping backups, criminals began stealing confidential data and threatening to publish it online. In some cases, this attack is also followed by a Distributed Denial of Service (DDoS) attack that disrupts the front end, as well as intimidation and persuasion via phone and email.
Via: BleepingComputer