[MART] - Daily Diary #535 - BlackCat threatens victim with dedicated website

CTAS-MAT ctas-mat at appgate.com
Tue Jun 21 21:48:14 UTC 2022

I hope everyone is doing well!

Below is the entry for today.

06/21/2022 - Daily Diary #535

First covered in our Daily Diary #445, BlackCat is one of the most active ransomware operating nowadays. Written in Rust, it operates in the double-extortion method, with the stolen data from clients that refused to pay the ransom being published in their wall-of-shame - one of the many monitored by our team’s Ransom Tracker.

This week BlackCat Ransomware raised attention after going a little far than usual to extort one of their victims. After infecting a hotelier that refused to pay the ransom, the group not only published the data but created a website dedicated to deliver the stolen data and humiliate the hotelier. The website was aimed at the hotelier clients and employees, and it was uploaded on the “common” surface web (in contrast with the ransomware wall-of-shame, hosted in the TOR network). This even allowed the website to be indexed by Google. The attackers claim to have exfiltrated 112GB of data from more than 1500 individuals.

This strategy is highly unusual, and as BlackCat operates in the ransomware-as-a-service model, it is possible that an unskilled affiliate made the mistake to publish the data this way. Being on the surface web, it’s much easier for law enforcement to take it down (as it is already) and even to gather important information for investigations, like in whose name the domain is registered.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Duarte Domingues
Manager, MART

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220621/9398ad2f/attachment.htm>

More information about the MART mailing list