
Maximising profit - Ransomware gang pressuring victims on the public web

Take action: You are not important, but you are a source of profit. Crime groups care only about maximizing profit, even at an increased risk to themselves. They don't care about whose data they have stolen and under which conditions. If your data can be stolen, you will be extorted.


Learn More

The Cl0p ransomware gang gained notoriety in the last month through its mass exploitation of the MOVEit Managed File Transfer vulnerability, through which it stole data from hundreds of organizations.

It's all about the money

Naturally, the objective of the theft is profit. When ransomware attackers target a corporate entity, they steal sensitive data from the network and then encrypt files to render them inaccessible. This stolen data is then used as leverage in double-extortion attacks, where the victims are warned that their data will be publicly disclosed unless they pay the ransom.

In the MOVEit case, the gang immediately began blackmailing companies into paying significant ransom amounts in exchange for not publishing the stolen data. Are the companies supposed to trust the criminals to keep their word?

Seems no money though

Since the premise of "trust the criminals" is naturally crazy, most companies didn't respond to the blackmail - instead focusing on communicating to the affected individuals and trying to make them as safe as possible.

Traditionally, ransomware data leak sites are hosted on the Tor network, a darknet service that provides anonymity to its users and makes it difficult for law enforcement to take down the websites or seize the infrastructure. But this hosting method makes the leaked data fairly invisible: it requires a specialized Tor browser to access the sites, the content isn't indexed and can't be searched, and downloads are slow.

More pressure will help?

Now Cl0p is adopting a tactic previously used by the ALPHV ransomware gang, which involves creating easily accessible websites on the searchable web to leak stolen data from specific victims. This approach aims to increase the visibility of the exposed data, and with it the pressure on victims to pay the ransom, by making the threat of data leakage more immediate and tangible.

The move to publish the stolen content on the searchable web is not an ideal situation: the crime group members become more traceable, the public sites are easily shut down, and for the victim companies the cat has been out of the bag for weeks. They have already communicated about the data leak and are now in cleanup mode.
