BlackCat ransomware group cloned their victim’s website

January 16, 2023

The BlackCat ransomware operators have executed a new extortion strategy in which they replicate their victims’ websites to expose stolen data on them. This notorious ransomware group is well known for carrying out new extortion strategies to pressure and embarrass their victims into paying the ransom.

Moreover, this group introduces diverse ways of attacking or exploiting their victims, even though some strategies are unsuccessful.

Last month, the BlackCat operators announced on their data leak website, hidden on the Tor network, that they had infected a firm’s financial services. Unfortunately, the BlackCat group exposed all the stolen files on the internet since the victim did not meet their demands.

Such leaks are common in ransomware campaigns, where operators use them to set an example for their other victims.

The BlackCat ransomware has created a new extortion tactic.

According to researchers, the BlackCat ransomware group developed an alternative way of leaking stolen data. Instead of exposing the data on their leak site, they replicated their victim’s website and posted the stolen information there.

The replicated website’s appearance and domain name closely resemble the original. However, the threat actors did not keep the original headings of the website; instead, they used their own headings to organise the leaked data.

The group placed the mimicked website on the clear web to ensure anyone could look at the stolen files. As of now, the site used by the group shows various files such as memos, payment forms, assets and expenses, employee information, financial data, and passport scans.

Their current victim lost 3.5 gigabytes of documents. The BlackCat group also shared the data on a file-sharing service that enables anonymous uploading, and spread the link on their leak site.

Experts explained that data sharing on a typo-squatted domain would be a more significant concern to a potential victim than data exposure through Tor networks. The exposed data on a typo-squatted domain could be accessed by numerous users, whereas leaked data on Tor networks could only be accessed by members of the information security community.
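
A defender-side check for the lookalike domains described above, as an added example that is not part of the original article: it flags names in a feed of newly observed domains (for instance from certificate transparency or new-registration lists) that imitate an organisation's own domain. The brand `examplebank.com`, the feed entries, the homoglyph map and the function names are all constructed for illustration.

```python
# Added example: flag lookalike (typo-squatted) domains in a feed of newly seen names.
# Every domain below is constructed; "examplebank.com" is a placeholder brand.

HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # partial map (assumption)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent transposition."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # swapped neighbours
        prev2, prev = prev, cur
    return prev[-1]


def label(domain: str) -> str:
    """Second-level label, e.g. 'www.examplebank.com' -> 'examplebank' (naive: no multi-part TLDs)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def fold(name: str) -> str:
    """Undo common visual tricks: digit-for-letter swaps and inserted hyphens."""
    return name.translate(HOMOGLYPHS).replace("-", "")


def lookalikes(brand: str, observed: list[str], max_dist: int = 1) -> list[tuple[str, str]]:
    """Return (domain, reason) for observed names that imitate `brand` without being it."""
    brand = brand.lower().rstrip(".")
    target, hits = label(brand), []
    for dom in observed:
        d = dom.lower().rstrip(".")
        if d == brand or d.endswith("." + brand):
            continue  # the legitimate domain or one of its subdomains
        name = label(d)
        if name == target:
            hits.append((dom, "same name, different TLD"))
        elif fold(name) == fold(target):
            hits.append((dom, "homoglyph or hyphen variant"))
        elif (dist := osa_distance(name, target)) <= max_dist:
            hits.append((dom, f"edit distance {dist}"))
    return hits


SAMPLE_FEED = ["examplebank.com", "www.examplebank.com", "exmaplebank.com", "examp1ebank.com",
               "example-bank.com", "examplebank.net", "examplebamk.com", "weather-report.org"]
```

Short brand names produce false positives at any edit distance, so hits from a check like this are candidates for review, not verdicts.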
