Cybercrime groups that deal in ransomware attacks and data extortion have been spotted using a new persuasion strategy against their victims.
The new maneuver involves implementing a search function on dedicated leak websites so visitors can more easily find victims and specific details about them.
Last week, the ALPHV/BlackCat ransomware gang released a searchable database of data leaked from victims who refused to pay the ransom. In the group’s announcement, its members gave out the specifics of the search function.
Reportedly, visitors to the leak site can search by filename or by the content of documents and images. Queries return results from the website’s “Collections” section. The new feature was originally meant to make it easier for other threat actors to identify stolen information.
This is ALPHV/BlackCat’s second attempt at employing this tactic. Last month, the gang released a searchable database of stolen data from an attack against an Oregon hotel and spa.
The website allowed both hotel employees and guests to check if their data was compromised in the attack, as Bleeping Computer reported.
As previously mentioned, several cybercrime groups have resorted to this tactic. LockBit recently released a revamped version of its leak website, which now includes a search function.
However, LockBit adopted a more rudimentary version of the feature that only lets visitors look up victims by name. Nevertheless, even a simplified version of the search function can make it easier for cybercrooks to identify stolen data.
Last but not least, Karakurt has jumped on the bandwagon of cybercrime groups making their databases of stolen files searchable. The adoption of the search feature is still in its infancy, making it hard to know if it will be a successful coercion tactic.
Specialized software solutions such as Bitdefender Digital Identity Protection can help keep your digital identity safe from data breaches. The service continuously scans the public and deep web for unauthorized personal data leaks, reports breaches, and enables you to take quick action against events that could jeopardize your digital footprint.