
BlackCat ransomware group takes extortion to new level

June 15 — The BlackCat ransomware group has created a dedicated domain that allows victims of its ransomware attacks to check on whether or not their data was stolen. Learn more about how it works, the rationale, and why this matters…

How it works

A recent BlackCat data heist involved theft of information from a hotel and spa in the state of Oregon. Hackers say that they stole 112GB of data during the attack. This data includes employee information, such as security numbers, belonging to 1,500 employees.

Rather than simply posting the data on their regular Tor data leak site, the ransomware gang created a special page that enabled both employees and customers to determine whether or not their personal data had been compromised during the attack.

The site permits any interested party to obtain information about the hotel’s guests, their stays, or information belonging to more than a thousand employees.

Further details

Threat actors even managed to create “data packs” consisting of files related to each individual hotel employee. Because the BlackCat data domain exists on the clear web, i.e. the public internet, the information is technically indexable by search engines. In turn, the information could be added to search results, further exposing the sensitive data.

BlackCat’s rationale

Cyber security researchers believe that BlackCat likely created a searchable domain full of data in order to further incentivize the affected hotel to pay a ransom.

“If companies know that information relating to their customers and employees will be made public in this manner, they may be more inclined to pay the demand to prevent it from happening – and to avoid potentially being hit with class action lawsuits,” states security analyst Brett Callow.

Why it matters

The BlackCat ransomware group (a.k.a. ALPHV) appears to be the rebrand of the DarkSide/BlackMatter ransomware gang, which launched the infamous attack on Colonial Pipeline in 2021. At that point in time, the group captured the full attention of international law enforcement and the US government.

This ransomware gang is known for its creative and “crazy” ideas. Whether or not this new ransomware extortion ruse will pay off remains to be seen. Only time will tell.
