"Ransomware Gang Cloned Victim's Website to Leak Stolen Data"

The operators of the ALPHV ransomware, also known as BlackCat ransomware, have created a copy of a victim's website in order to publish stolen data on it. The ALPHV group is known for experimenting with new extortion techniques to shame and coerce victims into paying the demanded ransom. Although these approaches may not be effective, they create an ever-growing threat landscape for victims to face. On December 26, the threat actor revealed on their data leak website that they had compromised a financial services company. As the victim did not comply with the threat actor's demands, BlackCat publicized all the stolen files as a punishment, which is a common tactic employed by ransomware operators. As a variation from the standard procedure, the hackers chose to release the data on a website that resembles the victim's in terms of appearance and domain name. The hackers did not preserve the site's original headings. They instead used their own titles to categorize the compromised information. The cloned website is hosted on the clear web to ensure that the stolen files are widely accessible. It presently displays memos to workers, payment forms, employee information, information on assets and expenses, financial data for partners, passport scans, and more. There are 3.5 GB of documents in all. ALPHV also uploaded the stolen data to an anonymous file-sharing service and posted the link on its leak website. This article continues to discuss the new tactic used by the ALPHV ransomware gang. 

Bleeping Computer reports "Ransomware Gang Cloned Victim's Website to Leak Stolen Data"