Home Ā» This devious attack could be the next evolution of ransomware
Ransomware

This devious attack could be the next evolution of ransomware

by Techradar - All the latest technology news
written by Techradar - All the latest technology news 0 comment

A ransomware operator has created a fake website of one of its victims and used it to publish sensitive content stolen in a ransomware attack.Ā 

The approach is a novelty that some security researchers believe to be a way of weaponization of the victimā€™s clients.

Threat actors known as ALPHV (also known as BlackCat), recently successfully launch a ransomware attack against a financial services company, making off with 3.5GB of sensitive documents, including staff memos, payment forms, employee data, assets and expenses, financial data for partners, passport scans, and similar.
Typosquatted domains

The threats of leaking the data to the public obviously didnā€™t work with the victim company, which evidently decided not to pay the ransom demand.Ā 

However, ransomware operators usually leak stolen data on the dark web, where itā€™s available mostly to other criminals and security researchers. This time around, ALPHV created a website on a typosquatted domain, which looks and feels almost identical to the legitimate website of the victim.

Read more

> What is ransomware and how does it work?> You’re a ransomware victim: Here’s 5 things you should do> Here are the best malware removal tools around

Speaking to BleepingComputer, threat analyst at Emsisoft, Brett Callow, said leaking the data via a typosquatted domain could be a more damaging approach: ā€œI wouldn’t be at all surprised if Alphv had attempted to weaponize the firm’s clients by pointing them to that websiteā€ Brett Callow said.

We will have to wait and see what the results of this approach would be, but itā€™s safe to assume that if itā€™s successful, weā€™ll be seeing a lot more typosquatted websites leaking sensitive corporate data.Ā 

Ransomware is an ever-evolving threat. At first, the attackers would simply encrypt all of the files on target endpoints and demand payment in bitcoin.Ā 

When businesses started deploying backups, the criminals started stealing sensitive data and threatening to leak it online. In some cases, this attack is also followed by a Distributed Denial of Service (DDoS) attack that disrupts the front-end, as well as intimidation and persuasion via telephone and email.

Here are the best endpoint protection services right now

Via: BleepingComputer

You may also like

Ransomware Remains Top Cyber Threat, Former NCSC Chief Says

Russian founder of a cryptocurrency exchange known for funneling ransomware profits arrested

Avast Releases Free Decryptor for BianLian Ransomware

Ransomware Picture: Volume of Known Attacks Remains Constant

1000 Shipping Vessels Impacted by Ransomware Attack

Oslo-based shipping software maker DNV reports a ransomware attack, impacting its ShipManager system and...

Leave a Comment

CyberNonStop

Cybernonstop is created to bring news and knowledge through articles to visitors.

Do not forget to subscribe.

  • 3033 Ogden Ave. Suite 113, Lisle IL USA
  • Email: nonstop@cybernonstop.com

About Links

Useful Links

Laest News

An analysis of 11 online pharmacies selling abortion pills: at least nine use third-party trackers such as Google Analytics to collect and share sensitive data (Jennifer Gollan/ProPublica)
CloudSEK offers a search engine to detect malicious apps
Amazon hit with fine from OSHA for unsafe working conditions at its warehouses
Threat Hunting Workshop: Hunting for Credential Access

@2021 – All Right Reserved. Designed and Developed by PenciDesign

Facebook Twitter Instagram Linkedin Youtube Email
Close