Threat gangs feature a search option for victims’ stolen data

Threat Gangs Search Victims Stolen Data Dark Web Repository Hackers

A new strategy implemented by ransomware groups could force their victims into paying the ransom demands and not leak their stolen data. From the reports about these latest findings, the threat groups have added a search feature on their dark web leak site that allows anyone to find the group’s victims or specific details related to the affected companies.

One of the most notorious ransomware gangs, ALPHV aka BlackCat, had announced a few days ago that they employed a searchable database on their leak site that listed all their victims that had not paid their ransom requests.


As explained by the gang, the repositories on the stolen data search feature were indexed according to a file’s name or content available in docs and images.


The ransomware operators stated that implementing the search feature would allow other cybercriminals to search for any confidential information about a targeted company. Moreover, the move could also be an effective tactic to successfully extort ransom demands from their victims.

For instance, when a hotel chain in Oregon was attacked last June, the ransomware gang had created a searchable site that held the data of the compromised victims. The feature allowed the hotel chain guests to search for their names and information to ensure if they were included in the data compromise or not.

Cybersecurity experts believe that the tactic is a step forward for the ransomware actors’ business because it puts more pressure on their victims to cooperate and pay their ransom requests in exchange for their sensitive data being removed from the dark web. Also, the trick could force the victims to pay since they avoid being penalised or sued due to an unsecured online environment.

In related news, experts also noticed how the LockBit gang recently revamped their data leak site, which features a search capability to list their victimised companies’ stolen data. However, this new design of LockBit’s site only allows searching names and is not as extensive as BlackCat’s.

The last group detected implementing the same strategy on their leak site was the Karakurt gang, although the researchers said the group’s site did not work as intended.

As extortionist groups are discovering more techniques to force their victims to pay, experts believe this new technique could be effective in the long run since many threat groups are adopting it.

About the author

Leave a Reply