In the currently popular double extortion scheme, ransomware gangs demand money not only for decryption tools but also for not leaking stolen files. Some extortionists even skip the encryption part and demand ransom just for not leaking data. That’s why ransomware operators and other extortionists keep finding new ways to force their victims to pay.
One way to make victims more cooperative is to make them understand that their confidential files were not just stolen but also put up for sale in a simple and convenient manner, so that anyone interested in them, such as competitors, could easily find and buy them.
At least two ransomware operations and one extortion group have adopted a new strategy to force victims to pay for not leaking the stolen files. They added a search function to their leak sites to make it easier for potential buyers to find lots and specific details.
One of the ransomware gangs that adopted this new strategy is the notorious ALPHV, also known as BlackCat. Last week, they announced a searchable database containing information stolen from organizations that refused to pay ransom. Anyone interested can look for information by filename or by content available in documents and images.
Another is the LockBit ransomware operation. They redesigned their data leak website by adding an option to search for listed victims. This search is not as advanced as BlackCat’s and only allows finding organizations by name.
The extortion gang that tried to adopt the new approach is Karakurt, but their search option doesn’t work properly, at least for now.