Cybercriminals Mimic Victim Website to Publish Exfiltrated Data on the Public Web



In a new twist, threat actors use a typosquatted domain name to increase the chances that stolen data will be seen by the general public after the victim does not pay the ransom.

The majority of ransomware attacks (the last figure was 86% of them) use some form of data exfiltration to increase the chances that the ransom is paid. Historically, when the data was published, it was posted to a site available only on the Tor network and accessible in practice only to hackers and the infosec community.

But a recent attack by the ALPHV ransomware gang (also known as BlackCat) takes a far more dangerous turn. According to BleepingComputer, ALPHV copies the victim's website (mostly for look and feel), modifies it into a shell for the published stolen data, and then hosts it on a lookalike domain name, reachable by simply mistyping the victim's domain, so that the data is accessible to anyone attempting to do business with the victim organization.

[Image: ALPHV typosquatted leak site mimicking the victim's website. Source: BleepingComputer]
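The attack above works because a single mistyped keystroke lands a customer on the attacker's copy of the site. As an added example (not from the original post or from BleepingComputer's reporting), the following Python script enumerates the common single-keystroke typo variants of an organization's own domain, so a defender can feed the list into domain-monitoring, certificate-transparency alerts, or defensive registration. The domain example.com and the QWERTY adjacency table are constructed assumptions.

```python
"""Enumerate single-keystroke typo variants of an organization's own domain
so the defender can watch for (or pre-register) lookalike registrations.
Added example, not part of the original post; 'example.com' is a
constructed placeholder domain."""

# Assumed QWERTY adjacency (letters only), used for "fat finger" substitutions.
QWERTY_NEIGHBORS = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh",
    "u": "yij", "i": "uok", "o": "ipl", "p": "o",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}


def split_domain(domain):
    """Split 'label.rest' at the first dot; only the first label is mutated."""
    label, _, rest = domain.lower().partition(".")
    return label, rest


def omissions(label):
    """Drop one character: 'exmple' from 'example'."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def transpositions(label):
    """Swap two adjacent characters: 'exapmle' from 'example'."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1)}


def repetitions(label):
    """Double one character: 'exxample' from 'example'."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def adjacent_substitutions(label):
    """Replace one character with a keyboard neighbour: 'wxample' from 'example'."""
    out = set()
    for i, ch in enumerate(label):
        for nb in QWERTY_NEIGHBORS.get(ch, ""):
            out.add(label[:i] + nb + label[i + 1:])
    return out


def typosquat_candidates(domain):
    """Return a sorted list of lookalike domains, excluding the real one."""
    label, rest = split_domain(domain)
    variants = set()
    for gen in (omissions, transpositions, repetitions, adjacent_substitutions):
        variants |= gen(label)
    variants.discard(label)
    variants = {v for v in variants if v}  # a one-letter label omitted leaves ""
    return sorted(f"{v}.{rest}" for v in variants)


if __name__ == "__main__":
    # Feed this list to your domain-monitoring or CT-log alerting.
    for cand in typosquat_candidates("example.com"):
        print(cand)
```

The list is intentionally limited to one-keystroke errors, which are the ones a customer is most likely to make; tools such as dnstwist cover homoglyph and bitsquat variants as well, and the output here is meant for monitoring your own brand, not for resolving or visiting the candidates.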

The real danger is if this becomes a trend. The last thing a victim organization wants is for its customers to see a well-organized set of leaked data; it demonstrates just how out of control the victim organization really is and damages its reputation.

This advancement in tactics demonstrates why it's absolutely necessary to be laser-focused on preventing ransomware attacks, rather than assuming you only need to be able to recover from them. Prevention starts (in most cases of ransomware) with stopping phishing attacks. As we know, 1 out of 10 attacks makes its way to the inbox, so despite the efficacy of security solutions, the organization needs Security Awareness Training to involve the user in strengthening its security stance.


Free Ransomware Simulator Tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransomware-simulator

Topics: Ransomware
