BlackCat, also known as the Noberus and ALPHV ransomware gangs, is now putting more pressure on their victims to extort ransom.
BlackCat has recently been closely monitored by the FBI due to the rampant exploitative activities by the malicious actors. Just recently, to extort financial gains from its victims, the ransomware gang created a specific website aiming to put pressure on them.
The threat actors launched a website wherein they intend to leak the data they illegally obtained from their targets.
The gang releases data slowly by potion on the said site or they will email customers and employees informing them of stolen data.
BalckCat's Latest Activity
BlackCat ransomware group started implementing a new method of intimidation through releasing alleged stolen data that the group claimed had been acquired from a hotel and spa located in Oregon.
Part of this new tactic is the claim by the hacking group to have stolen a vast amount of data: 112 GB, some of which included employee information for 1,500 workers, such as their Social Security Numbers.
In addition, the hacking group went one step further than simply leaking the data on their typical Tor data leak site. Instead, they established a dedicated website that allows employees and customers of the hotel to check to see if their data was taken during the attack on the hotel.
As reported by BleepingComputer, through the use of the website, employees, customers, or anyone else for that matter, can view information regarding hotel guests and their stays as well as the personal data of 1,534 employees.
The employee data contains extremely sensitive information, such as names, email addresses, Social Security numbers, phone numbers, and dates of birth, whereas the customer guest data only contains names, arrival dates, and stay costs.
Brett Callow, a security analyst for Emsisoft, told BleepingComputer, "Alphv is no doubt hoping that this tactic will increase the probability of them monetizing attacks." The hacking group went so far as to compile data packs for each employee, which consisted of the illegally obtained files pertinent to that employee's tenure at the hotel.
This website is hosted on the clear web, also known as the public internet. Search engines are able to index it. This means that the exposed information is likely to be added to search results, which could make the situation even more precarious for those affected.
Previous Breach of ALPHV Ransomware Gang
BlackCat has already gained unauthorized access to several commercial organizations all over the world. As previously reported here in iTechPost, networks all over the world were compromised by the Ransomware-as-a-service (RaaS) organization between November 2021 and March 2022.
The ALPHV ransomware gang is notorious for demanding ransom payments in the millions of dollars and for executing hacks using Rust, a programming language that is incredibly advanced.
The group was listed by the Federal Bureau of Investigation (FBI) in the White Flash alert warning that was released one month ago.
Forbes reported that BlackCat has demanded ransom payments totaling several million dollars from a number of prominent people after threatening them with kidnapping. In February, the organization issued a statement claiming responsibility for an attack that was carried out against Swissport, which is in the business of providing aviation services. In a letter that was written one month earlier, it had previously identified German energy businesses Oiltanking and Mabanaft as victims of the attack.