This devious attack could be the next evolution of ransomware
A typosquatted domain added for extra dramatic effect
A ransomware operator has created a fake website of one of its victims and used it to publish sensitive content stolen in a ransomware attack.
The approach is novel, and some security researchers believe it is a way of weaponizing the victim’s clients.
Threat actors known as ALPHV (also known as BlackCat) recently launched a successful ransomware attack against a financial services company, making off with 3.5GB of sensitive documents, including staff memos, payment forms, employee data, assets and expenses, financial data for partners, passport scans, and similar.
Typosquatted domains
The threats of leaking the data to the public obviously didn’t work with the victim company, which evidently decided not to pay the ransom demand.
However, ransomware operators usually leak stolen data on the dark web, where it’s available mostly to other criminals and security researchers. This time around, ALPHV created a website on a typosquatted domain, which looks and feels almost identical to the legitimate website of the victim.
Speaking to BleepingComputer, threat analyst at Emsisoft, Brett Callow, said leaking the data via a typosquatted domain could be a more damaging approach: “I wouldn’t be at all surprised if Alphv had attempted to weaponize the firm’s clients by pointing them to that website,” Brett Callow said.
We will have to wait and see what the results of this approach will be, but it’s safe to assume that if it’s successful, we’ll be seeing a lot more typosquatted websites leaking sensitive corporate data.
Ransomware is an ever-evolving threat. At first, the attackers would simply encrypt all of the files on target endpoints and demand payment in bitcoin.
When businesses started deploying backups, the criminals started stealing sensitive data and threatening to leak it online. In some cases, this attack is also followed by a Distributed Denial of Service (DDoS) attack that disrupts the front-end, as well as intimidation and persuasion via telephone and email.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.