Security News > 2023 > January > Ransomware gang cloned victim’s website to leak stolen data
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim's site to publish stolen data on it.
As a deviation from the usual process, the hackers decided to also leak the data on a site that mimics the victim's as far as the appearance and the domain name go.
ALPHV also shared the stolen data on a file-sharing service that allows anonymous uploading and distributed the link on its leak site.
Brett Callow, threat analyst at cybersecurity company Emsisoft, said that sharing the data on a typosquatted domain would be a bigger concern to the victim company than distributing the data through a website on the Tor network, which is known mainly by the infosec community.
ALPHV is the first ransomware gang to create a search for specific data stolen from their victims.
The pages are for customers and employees of their victims to check if their data was stolen by the hackers.