The ALPHV ransomware group, aka BlackCat, took its operations to a new level by building a dedicated website where customers and employees of their victim organization can check if their data was breached in an attack.
AlphV is said to be a rebrand of the DarkSide/BlackMatter group, notorious for the attack on Colonial Pipeline, which brought to the fore the operations of these hacking groups.
Today, the AlphV/BlackCat ransomware gang started releasing stolen data that they alleged were stolen from an Oregon hotel and spa. The gang claims to have stolen 112 GB of data containing the private information of 1,500 employees, including Social Security Numbers.
But instead of simply leaking the data on their usual Tor data leak site, the ransomware group created a dedicated website enabling both hotel employees and customers to check if their data was stolen.
The site provides information about hotel guests and their stays as well as the personal data of 1,534 employees.
While the customer guest data only includes names, arrival date, and stay costs, the employee data contains very sensitive information, such as names, Social Security Numbers, date of birth, phone numbers, and email addresses.
As this site can be viewed through the public internet, it is indexable by search engines, and the stolen information may be added to search results, making this even worse for the victims.
Simply put, the site intends to scare employees and guests into demanding the hotel to delete their data from the web, which is only possible by paying a ransom.
Brett Callow, security analyst from Emisoft, who discovered this new ransomware tactic, said that while the strategy is innovative, it is too early to tell if it will pay off.
“While it’s an innovative approach, it remains to be seen whether the strategy will be successful – and, of course, that will determine whether it becomes more commonplace.”