Ransomware Attackers Offers Stolen Data Lookup on Public Website

Recently, the BlackCat ransomware group (ALPHV) came up with a better system—read about a breach on a public website specially created for this purpose by the criminals themselves.

According to Bleeping Computer, BlackCat recently set up a website where employees and customers of a breached and ransomed U.S. hotel could check to see whether their PII was stolen.

For customers, the query data included names, arrival dates, and the cost of a stay, while for 1,534 employees it was names, social security numbers, dates of birth, phone numbers, and email addresses.

Turning Up the Pressure

The innovation here is a twist on double extortion, a way of putting pressure on a victim to pay up for fear that stolen data will be made public. Of course, making something “public” normally doesn’t mean many people ever see it, hence the need to make it more public by using a conventional website anyone can visit.

Brett Callow of Emsisoft, said, “While it’s an innovative approach, it remains to be seen whether the strategy will be successful – and, of course, that will determine whether it becomes more commonplace.”

We guess that even if it doesn’t increase the conversion rate overall it might still become more common because it increases the psychological pressure on those already inclined to pay.  It’s also incredibly cheap,  if vulnerable to takedowns.