June 21, 2022

BlackCat Creates Site for Victims to Query for Stolen Data

Industry: N/A | Level: Strategic | Source: BleepingComputer

BlackCat/ALPHV ransomware gang adds pressure for organizations to pay ransoms as a new site was created by the gang, in which victim employees and customers can check if their data was stolen. The tactic was observed by Emisosft security analyst Brett Callow, discovering BlackCat’s latest attack against a hotel and spa company located in Oregon. The ransomware gang was able to obtain 112GB of data from the attack including employee data as well as 1,500 social security numbers associated with employees. The site for victims to individually query if they have been impacted includes sections for “Employee data” and “Guest data.” The employee data has been found to contain more sensitive information, as shared by BleepingComputer “While the customer guest data only contains names, arrival date, and stay costs, the employee data includes extremely sensitive information, such as names, Social Security Numbers, date of birth, phone numbers, and email addresses.” Victims are also at risk of the data being exposed in search results when it is indexed and queryable by search engines.