Ransomware

Data leak site API integrated by ALPHV/BlackCat ransomware

BleepingComputer reports that the ALPHV/BlackCat ransomware group was discovered to have implemented API integration in its data leak site in an effort to better track its victims following its unsuccessful attempt to seek ransom from recently breached U.S. multinational cosmetics company Estee Lauder. Both API calls and a Python-based crawler have been posted by ALPHV/BlackCat on its leak site to facilitate the retrieval of information regarding its new victims, according to various researchers. "Fetch updates since the beginning and synchronize each article with your database. After that any subsequent updates call should supply the most recent 'updatedDt' from prevoiusly [sic] synchronized articles + 1 millisecond," noted ALPHV/BlackCat on its leak site. Despite its recent discovery, VX-Underground noted that the API usage has been partially available for the past few months. Such a technique may have been leveraged by ALPHV/BlackCat amid declining ransomware demand payments by impacted organizations.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.