This ransomware gang lets you dig deep into their stolen data


It looks like we've reached the next stage in the evolution of ransomware, as operators now allow people to search for files stolen from companies that have refused to pay.

Several ransomware operators are now reportedly adding the feature to their leak sites. Some did a poor job, with search engines that didn't perform as expected, while others appear to have succeeded.

In the case of BlackCat (also known as ALPHV), not only is the search engine working, but the files have also been indexed, allowing visitors to search for specific keywords or file types. This lets other cybercriminals more easily find sensitive data and possibly target other companies with malware and ransomware as well.

Find passwords faster

LockBit is another threat actor that has introduced the same feature on its website, and although it is not as advanced as BlackCat's, it still works relatively well. Karakurt's search engine, however, was found to be faulty.

By allowing victims, other threat actors, and anyone else to quickly and easily navigate through terabytes of stolen data, ransomware operators want to put additional pressure on the victim to pay the ransom.

If the victim's customers or clients see their data exposed to the public in this way, they may try to persuade the victim to pay the ransom and have that data removed from the web as soon as possible.

It's just another step in a long list of moves cybercriminals have made since ransomware was first created, all with the goal of extracting payment.

At first, when companies refused to pay, threat actors began encrypting and stealing data, threatening to release it to the public.

When that failed to convince the victims either, they began to intimidate them with threatening phone calls and emails. In some cases, ransomware attacks are also followed by Distributed Denial of Service (DDoS) attacks, clogging the front-end with bogus traffic and crippling business on both the client and back-office sides.

Via: BleepingComputer