A ransomware operator created a fake website of one of its victims and used it to publish sensitive content stolen in a ransomware attack.
The approach is a novelty that some security researchers believe is a way to weaponize the victim’s clients.
Threat actors known as ALPHV (aka BlackCat) recently carried out a successful ransomware attack against a financial services company, stealing 3.5 GB of sensitive documents including employee memos, payment forms, employee details, assets and expenses, financial data for partners, passport scans and the like.
Typosquatted domains
The threats to leak the data to the public clearly did not work on the victim company, which apparently decided not to pay the ransom demanded.
Ransomware operators usually leak stolen data on the dark web, where it is usually available to other criminals and security researchers. This time, ALPHV has created a website on a typosquatted domain that looks and feels almost identical to the victim’s legitimate website.
Speaking to BleepingComputer, Emsisoft threat analyst Brett Callow said leaking the data through a typosquatted domain might be a more damaging approach: “I wouldn’t be at all surprised if Alphv had tried to weaponize the company’s customers by directing them to that website.”
We’ll have to wait and see what the results of this approach will be, but it’s safe to assume that if it’s successful, we’ll see a lot more typosquatted websites leaking sensitive company data.
Ransomware is an ever-changing threat. Initially, the attackers would simply encrypt all files on target endpoints and demand payment in bitcoin.
As companies started backing up their data, the criminals started stealing sensitive data and threatening to leak it online. In some cases, this attack is also followed by a Distributed Denial of Service (DDoS) attack that disrupts the front end, as well as harassment and persuasion via phone and email.
Via: BleepingComputer