Ransomware gangs offer ability to search stolen data

source link: https://siliconangle.com/2022/07/11/ransomware-gangs-offer-ability-search-stolen-data/

In an evolution of ransomware and data extortion, gangs are now reported to be offering the ability to search stolen data in an effort to get victims to pay ransom demands.

Bleeping Computer reported today that the ALPHV/BlackCat ransomware gang was the first to offer the feature, announcing that they have created a searchable database with leaks from nonpaying victims. The hackers said that their stolen data had been fully indexed and that the search feature included support for finding information by filename or by content available in documents and images.

The BlackCat ransomware gang claims it is offering the search service to make it easier for cybercriminals to find passwords or other confidential information.

Following the lead from BlackCat, the infamous LockBit ransomware gang — currently in its third incarnation — has launched a similar search function, but apparently not as advanced as that offered by BlackCat. LockBit’s dark web portal allows visitors only to find victims by name.

A third leak site, run by the Karakurt data extortion gang, is also now offering a similar feature. However, it was not working when tested.

Allowing stolen data to be searched and accessed by both cybercriminals and victims alike is an interesting step forward in this business. Stolen data published after a ransom went unpaid was always available from the groups.

However, accessing the data typically required downloading a massive file that had to be searched on a local computer. With built-in search, even laypeople looking to see if they were exposed in the leak can now search the data as easily as doing a Google search.

“Ransomware continues to evolve at a breakneck pace, often taking pages from successful legitimate business practices, such as ‘as-a-service’ offerings, profit sharing, and tech support, and this is just another example of its maturity,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. “The ability to structure and easily search for information makes it easier for other cybercriminals to use the stolen data to initiate other attacks, especially social engineering attacks such as email phishing.”

Kron added that bad actors involved in email phishing could also make great use of the information found in many data dumps. “This in turn could push victim organizations to pay, rather than simply hoping that the information will be lost in the obscurity of the attacker’s website,” he said.
