ALPHV Ransomware Gang Creates Searchable Database With Victims’ Data

The cybercriminals behind the ALPHV ransomware have created a searchable database where employees and customers of their victims can search for their data.

Also known as BlackCat and Noberus, ALPHV emerged in November 2021 as the first ransomware family coded using the Rust programming language. To date, the ALPHV cybergang has compromised over 100 organizations.

Likely linked to the cybercrime group behind the Darkside/Blackmatter ransomware, ALPHV operates under the Ransomware-as-a-Service (RaaS) business model, with its affiliates compromising organizations and stealing valuable information.

In their attempt to pressure victims into paying the ransom, the group engages in a practice of “quadruple extortion” where they encrypt victims’ data, steal it, launch Distributed Denial of Service (DDoS) attacks against victims’ public assets, and harass victims’ customers, partners and employees.

In June, the cybergang was seen launching a leak site dedicated to one of its victims, where data stolen from the organization could be viewed by employees and customers. The personally identifiable information (PII) of more than 1,500 people was allegedly stolen from this victim.

More recently, the group introduced a searchable database storing data stolen from victims and containing more than 100,000 documents, cybersecurity firm Resecurity reports.

In a July 10 post on a dark web forum, the ALPHV cybergang announced that the database contains “documents (ID, DL, SSN), access credentials, passwords, information Confidential by Company Name” and other information that employees and customers may be looking for.

“The information imported into the system was acquired by our team from the real victim networks. Search can be done by file name/folders, but also content (of the file), including images. The tool will find the recognized text on the image, including in the body of the PDF document,” the message reads.

Resecurity also noticed that the ransomware gang had increased their ransom demands to $2-2.5 million, with victims usually being asked to make payment within a week.

The increase in ransom demands is not surprising, however. According to Resecurity, the average ransom payment reached $570,000 in the first half of 2021 and nearly doubled by 2022. Despite advice not to pay, around half of victims pay to get their data back.


Ionut Arghire is an international correspondent for SecurityWeek.
