Close this search box.

Next Front in Ransomware Is to Make Hacked Data Visible


Ransomware gangs build search functions for data leak sites

There has been an increase in the number of ransomware sites that offer search capabilities since June. Text strings, company names, and file extension types can be searched more easily. In some of these, you can search within individual files in the stolen data for specific phrases.

Thus far, the ALPHV/BlackCat ransomware gang has developed the most advanced of these search tools.

Data extortion methods used by BlackCat

Since early 2022, this group has been one of the most active ransomware groups, targeting Microsoft Exchange Servers with known vulnerabilities and hitting in the region of 100 organisations, including German critical infrastructure. FBI flash warnings were issued about the group’s activity in April, and a Rust-based ransomware was deployed as part of its innovation.

A trial run of this stolen data search system was offered as a courtesy to potential victims, allowing them to see if their personal information was included in the stolen information.

Data search functionality introduced by LockBit and Karakurt

LockBit debuted a search tool like BlackCat’s on their data leak site shortly after BlackCat introduced theirs. As LockBit’s biggest competitors have disbanded or been forced to dissolve by law enforcement, the ransomware gang has quickly established itself as the market leader. Its search tool is behind the curve, however, only allowing you to search for victims’ names through the stolen data.

Karakurt, a third ransomware gang, recently joined this trend. As of right now, several security professionals and media sources are reporting that it isn’t working. This ransomware gang has been active since at least late 2021 and is associated with the Conti ransomware gang.

Stolen data bringing more attention to breaches

According to Erich Kron, security awareness advocate at KnowBe4, organisations should pay close attention to this development: “This in turn could push victim organizations to pay, rather than simply hoping that the information will be lost in the obscurity of the attacker’s website. If organizations discover their information is searchable on one of these sites, they would be wise to train their users to spot and report phishing emails before the information is used against them, rather than afterward.”

What does this look like for the future of ransomware?

The ransomware market has grown to be worth billions of dollars, and there are no signs that hacking gangs will abandon these tactics.

More of these attacks are predicted for the future, as new advancements that catch on often coincide with a rise in ransom demand prices. This appears to be the case for BlackCat, which has increased its average demand to $2 to $2.5 million USD since June.

Prevent exploitation by preparing for ransomware

Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →