The ALPHV ransomware gang, also known as BlackCat, copied a victim's site and used it to publish all the stolen files after its demands for payment were not met, BleepingComputer reports.
The group announced on Dec. 26 that it had compromised a financial services company and decided to create a site that looks like the victim's in terms of domain name and appearance, but used its own headings for the leaked data. The cloned site contains various files, including payment forms, data on assets and expenses, employee information, memos to staff, financial data for partners, and passport scans. The 3.5GB of documents were also shared on a file-sharing service.
The victim company could have a bigger problem with its data being shared on a typo-squatted domain than with having its data distributed on a website on the Tor network, said Emsisoft threat analyst Brett Callow, who also noted that he wouldn't be at all surprised if ALPHV had attempted to weaponize the firm's clients by pointing them to that website.