The ALPHV ransomware group, also known as BlackCat, is employing a new tactic to exert additional pressure on their victims by introducing an API for their data leak site, thus amplifying the visibility of their attacks.
This move follows the gang’s unsuccessful attempt to negotiate a ransom payment from Estée Lauder after breaching the beauty company’s systems. The API allows for timely updates on new victims, while the group also released a Python crawler to retrieve the latest information from the data leak site.
The API provided by ALPHV/BlackCat ransomware gang allows users to fetch various details about new victims added to their leak site or obtain updates from a specific date. Though the release of the API’s feature remains unexplained, it is speculated that the group’s initiative might be a response to the decreasing number of ransomware victims who are willing to pay.
According to a report by Coveware, paying victims that suffered ransomware attacks fell to a record low of 34% in the second quarter of the year. Instead, ransomware gangs like Clop continue to profit by targeting the supply chain to breach numerous organizations, with Clop estimated to earn at least $75 million from their MOVEit data theft campaign.
Despite the gang’s effort to pressure victims into paying, some companies, like Estée Lauder, have remained steadfast in refusing to negotiate or comply with ransom demands.
Estée Lauder’s unresponsiveness to the attackers’ messages led to a retaliatory message from the gang, ridiculing the company’s security measures. The use of APIs and making leaks easily accessible to a broader audience is an attempt by ransomware gangs to escalate their extortion tactics, but this approach may prove futile in the face of more resilient organizations and increased global efforts to combat cyber threats.