Ransomware Awareness – New Extortion Tactic Uses Spoofed Website of Victim to Publish Stolen Data

Created: Tuesday, January 3, 2023 - 15:11
Categories:
Cybersecurity, Security Preparedness

ALPHV/BlackCat, one of 2022’s most notable ransomware menaces, continues to evolve its data extortion tactics in ongoing attempts to coerce victims into paying. The most recent tactic involves the group creating a replica of a victim’s website to publish stolen data openly on the internet. While the domain name and appearance of the website closely resemble the victim’s legitimate site, ALPHV uses its own directory structure to organize the leaked data. At this time, it is unclear whether this extortion tactic will prove successful, but the development highlights the need for organizations to protect against domain spoofing as part of a ransomware resilience strategy.

As reported in WaterISAC’s Security & Resilience Update on December 20, 2022, ALPHV/BlackCat was responsible for the attack against Empresas Públicas de Medellín (EPM), the Colombian public energy, water, and gas provider, in December. Additionally, Suffolk County, New York, suffered a persistent compromise lasting eight months and twenty-one days at the hands of ALPHV/BlackCat.

Members may wish to consider purchasing domain monitoring to protect their domain names from being spoofed. For more resources to help increase resilience against ransomware, visit CISA's StopRansomware page. Check out BleepingComputer for more.
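The kind of check a domain monitoring service performs can be sketched as follows. This is an added example, not code from WaterISAC or the sources cited above: it compares newly observed domain names against an organization's own domain and reports why each lookalike was flagged. The domain `example.org`, the feed, the confusable-character table and all function names are constructed for illustration, and names are split on the last dot without public-suffix handling.

```python
# Added example: LEGIT and FEED are constructed sample values, not real indicators.
LEGIT = "example.org"
FEED = ["example.org", "example.net", "exarnple.org", "examp1e.org",
        "exampl.org", "example-files.net", "unrelated.test"]
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def split_domain(domain):
    """Split on the last dot (assumption: no public-suffix handling)."""
    label, _, tld = domain.lower().strip(".").rpartition(".")
    return label, tld

def skeleton(label):
    """Undo common visual substitutions and drop hyphens before comparing."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legit=LEGIT):
    """Return why candidate resembles legit, or None if it does not."""
    c_label, c_tld = split_domain(candidate)
    l_label, l_tld = split_domain(legit)
    if (c_label, c_tld) == (l_label, l_tld):
        return None  # the organization's own domain
    if c_label == l_label:
        return "same name, different TLD"
    c_skel, l_skel = skeleton(c_label), skeleton(l_label)
    if c_skel == l_skel:
        return "confusable characters or separators"
    if edit_distance(c_skel, l_skel) <= 1:
        return "one-character typo"
    if l_skel in c_skel:
        return "name embedded in a longer label"
    return None

def flag_lookalikes(feed, legit=LEGIT):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    return {d: reason for d in feed if (reason := classify(d, legit))}

if __name__ == "__main__":
    for domain, reason in flag_lookalikes(FEED).items():
        print(f"{domain}: {reason}")
```

In practice the feed would come from certificate transparency logs or a newly-registered-domain list, and a hit is a lead for review and takedown requests rather than proof of abuse.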

Additional Security & Resilience Update resources on ALPHV/BlackCat Ransomware