The ALPHV ransomware operators have gotten creative with their extortion tactics and, in at least one case, created a replica of the victim’s site to publish stolen data on it.
ALPHV, also known as BlackCat ransomware, is known for testing new extortion tactics as a way to pressure and shame its victims into paying.
While these tactics may not be successful, they add to an ever-expanding threat landscape that victims need to navigate.
On December 26, the threat actor announced on its data leak site, hidden on the Tor network, that it had compromised a company in financial services.
As the victim did not meet the threat actor’s demands, BlackCat published all the stolen files as a penalty – a standard step for ransomware operators.
In a deviation from the usual process, the hackers also decided to leak the data on a site that mimics the victim’s in both appearance and domain name.