The Ransomware Gang [BlackCat/ALPHY] Takes Extortion to the Next Step

Ransomware gangs have long pursued extortion strategy, however the new method used by BlackCat ransomware gang has shown that the cyber criminals are also capable of evolving extortion methods.

The latest extortion strategy that the notorious BlackCat ransomware gang start to employ gives the opportunity to the potential victim of data breaches of searching whether their data was exposed.

The gang conducts cyber-attacks to encrypt the files in a computer system and steal corporate data. After stealing the data, they post the data on a dedicated website where both the victim’s customers and employees are able to check if they have fallen prey to the attack.

What is ransomware?

During a cyber-attack, corporate data is stolen. After it has been stolen, attackers mine everything that is of value then encrypts devices and the extortion game begins. They reach out to the victims demanding them to pay a certain amount so that they can send a decryptor. They also promise not to leak the stolen data to the public after receiving the ransom. The attackers may leak small portions of the corporate data in order to put pressure on the victims. They can also email customers and employees informing them that they have their data. This was the case when BlackCat attacked Austrian federal state, Carinthia. The gang demanded $5 million so that they could unlock the encrypted computers.

Have these techniques been useful?

BlackCat and other ransomware gangs have been using threats in order to coerce victims to pay the ransom fees. Despite all the threats, these extortion techniques do not often work. The victims, most of the time, are not faxed even by the fact that their corporate data are at risk. They flat out refuse to pay. In order for the attackers to get some value out of the stolen data, they constantly need to come up with new ways to put more pressure on the victims.

BlackCat’s new strategy

BlackCat has employed a new strategy that involves creating a dedicated website and posting stolen corporate data on it. The affected parties can then visit the website to confirm that indeed their data has been leaked. A hotel and spa in Oregon is among the victims of this new kind of extortion. Some of the data that was mined during the attack on the hotel include names, arrival dates and stay costs of customers. Employees are more affected as the website include more sensitive information on them such as social security numbers, phone numbers and email addresses.

What can organizations do to secure themselves?

Corporate data contains sensitive information that should be protected from cyber criminals like BlackCat. It is important that organizations take measures to secure their networks from ransomware attacks. The most important step that organizations should take is to train their employees. Employees are the weakest link when it comes to cybersecurity. More often than not, attacks begin with a phishing email. Employees should be able to detect these phishing emails and deal with them accordingly. They should also be trained on social engineering tactics used by the attackers to make them ready for any kid of attack. Employees should be trained on password management as well. Strong passwords should be used in conjunction with MFA and be updated regularly. Another protective measure that organizations can tak is using backups for risk management and contingency measures. In the event that the attack corrupts corporate data, the backups can come in handy as there will be no reason to pay the ransom.