ALPHV ransomware group developed a search website for stolen data

June 20, 2022

The ALPHV ransomware group (also known as BlackCat) has devised a new method of pressuring its targets. The group designed websites that let its victims' employees and customers check whether hackers stole their data during an attack.

Most of the time, threat groups use stolen data for double-extortion tactics, in which the adversaries demand a ransom payment in exchange for a decryptor and for not publicly releasing corporate data.

Ransomware gangs also create data leak sites where they release portions of stolen data, or they email customers and employees to alert them that hackers stole their information.

However, these extortion strategies are not a surefire way for the hackers to get what they want. Companies may decide not to pay even if their customer, employee, and corporate data are in danger of being leaked.

This is also why ransomware groups constantly upgrade their tactics to apply additional pressure on victims.

 

ALPHV has started disseminating stolen data from previously attacked entities.

 

The ALPHV ransomware operation has now started exposing allegedly stolen data that it claims is from an Oregon-based hotel and spa. The group claims to have stolen more than a hundred gigabytes of data, including the Social Security numbers and employee numbers of about 1,500 personnel.

Instead of leaking the data to a Tor leak site, the threat operators developed a website that allows customers and employees to check whether hackers stole their data during the attack on the hotel.

By accessing the site, customers, employees, or any other concerned individual can look up information about hotel guests and their stays. Moreover, the more than 1,500 employees can also use the site to check whether the hackers have compromised their data.

The researchers indicated that the stolen data might contain names, stay costs, employee data, visitor arrival data, Social Security numbers, dates of birth, email addresses, and phone numbers.

This issue can also worsen if the stolen data is hosted on the clear web, that is, the public internet, since search engines will be more likely to add the data to search results.
