Ransomware gangs build search functions for data leak sites
Since June, the number of ransomware data leak sites that offer search capabilities has increased. These tools make it easier to search for text strings, company names, and file extension types. On some of these sites, you can search within individual files in the stolen data for specific phrases.
Thus far, the ALPHV/BlackCat ransomware gang has developed the most advanced of these search tools.
Data extortion methods used by BlackCat
Since early 2022, this group has been one of the most active ransomware groups, targeting Microsoft Exchange Servers with known vulnerabilities and hitting in the region of 100 organisations, including German critical infrastructure. The FBI issued flash warnings about the group’s activity in April, and the group deployed a Rust-based ransomware as part of its innovation.
A trial run of this stolen data search system was offered as a courtesy to potential victims, allowing them to see if their personal information was included in the stolen information.
Data search functionality introduced by LockBit and Karakurt
LockBit debuted a search tool like BlackCat’s on its data leak site shortly after BlackCat introduced its own. As LockBit’s biggest competitors have disbanded or been forced to dissolve by law enforcement, the ransomware gang has quickly established itself as the market leader. Its search tool is behind the curve, however: it only allows you to search the stolen data for victims’ names.
Karakurt, a third ransomware gang, recently joined this trend. As of right now, several security professionals and media sources are reporting that its search function isn’t working. This ransomware gang has been active since at least late 2021 and is associated with the Conti ransomware gang.
Stolen data bringing more attention to breaches
According to Erich Kron, security awareness advocate at KnowBe4, organisations should pay close attention to this development: “This in turn could push victim organizations to pay, rather than simply hoping that the information will be lost in the obscurity of the attacker’s website. If organizations discover their information is searchable on one of these sites, they would be wise to train their users to spot and report phishing emails before the information is used against them, rather than afterward.”
What does this look like for the future of ransomware?
The ransomware market has grown to be worth billions of dollars, and there are no signs that hacking gangs will abandon these tactics.
More of these attacks are predicted, as new advancements that catch on often coincide with a rise in ransom demands. This appears to be the case for BlackCat, which has increased its average demand to $2 to $2.5 million USD since June.