A new ransomware group known as Alpha has recently made its debut with the launch of its Dedicated/Data Leak Site (DLS) on the Dark Web, showcasing data from six initial victims. Although the leak site is new, Alpha ransomware has been active since May 2023, with a lower infection rate than its counterparts and no active samples currently in circulation for analysis. Security researchers from Netenrich published an advisory noting the ransomware’s distinctive practice of appending a random 8-character alphanumeric extension to encrypted files, demonstrating an evolutionary process in the group’s refinement of its approach. The DLS, named “MYDATA,” is considered unstable and frequently offline, suggesting that the group is still in the process of setting up operations.
The ransomware group’s victims span various industries, including electrical, retail, biochemical, apparel, health, and real estate, and are located in the UK, the US, and Israel. Netenrich’s investigation uncovered details such as the ransomware group’s Bitcoin address, ransom demands, TOX ID, and other pertinent information. However, the ransom demand lacks consistency, indicating a mix of talent and amateurism within the ransomware space, according to Netenrich senior threat analyst Rakesh Krishnan. As DLSs become a persistent tactic, ransomware groups like Alpha anticipate that victims will be more inclined to pay ransoms to avoid reputational damage and other breach-related costs associated with disclosing material data breaches.
Continued monitoring and analysis will be crucial to understanding and mitigating the emerging threat posed by Alpha ransomware, Krishnan notes. The group’s visibility may increase, leading to more victims and potential headlines, emphasizing the importance of ongoing efforts to comprehend and counteract this new ransomware variant’s impact.
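
One way a defender could turn the extension pattern noted in the advisory into a detection, added here as an example and not taken from Netenrich or the original article: it flags a host when many files are renamed to their original name plus an 8-character alphanumeric extension within a short window. The event tuple layout, the 60-second window, the threshold of 5, the function names and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# New name must be the old name plus "." and exactly 8 ASCII letters/digits.
APPENDED_EXT = re.compile(r"^(?P<orig>.+)\.(?P<ext>[A-Za-z0-9]{8})$")

def appended_random_ext(old_path, new_path):
    """Return the appended 8-character extension, or None if the rename does not fit."""
    m = APPENDED_EXT.match(new_path)
    if m and m.group("orig") == old_path:
        return m.group("ext")
    return None

def detect_bursts(events, window_s=60, threshold=5):
    """events: (epoch_seconds, host, old_path, new_path) rename records.
    Returns {host: timestamp of the rename that first reached the threshold}."""
    recent = defaultdict(deque)   # host -> timestamps of matching renames in the window
    alerts = {}
    for ts, host, old, new in sorted(events):
        if appended_random_ext(old, new) is None:
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window_s:   # drop matches older than the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

# Constructed sample data (not real telemetry).
SAMPLE_EVENTS = (
    # ws-01: six files renamed within six seconds -> burst
    [(1000 + i, "ws-01", f"C:\\data\\doc{i}.xlsx", f"C:\\data\\doc{i}.xlsx.k3Xq9TzA")
     for i in range(6)]
    # ws-03: same pattern, but one rename per hour -> never reaches the threshold
    + [(2000 + 3600 * i, "ws-03", f"D:\\a{i}.txt", f"D:\\a{i}.txt.Zp40wLm2")
       for i in range(5)]
    # ws-02: an ordinary rename and one benign 8-letter suffix -> no alert
    + [(1001, "ws-02", "C:\\tmp\\report.docx", "C:\\tmp\\report_final.docx"),
       (1002, "ws-02", "C:\\tmp\\up.bin", "C:\\tmp\\up.bin.filepart")]
)

if __name__ == "__main__":
    for host, ts in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: burst of 8-char extension renames at t={ts}")
```

The burst threshold, not the pattern alone, carries the signal: a single matching rename such as a transfer tool's temporary suffix is tolerated, so the window and threshold need tuning against normal file activity in the environment.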