ALPHV ransomware: New data leak API as a new extortion strategy


The ALPHV ransomware group, also known as BlackCat, aims to intensify ransom payment pressure on victims by offering an API for its leak site, thereby amplifying the exposure of its attacks.

This move follows the gang’s recent intrusion into Estée Lauder, where the beauty company chose to entirely disregard the attackers’ attempts to initiate ransom negotiations.


Earlier this week, several researchers noted that the ALPHV/BlackCat data leak site had introduced a new page with guidelines for using its API to receive prompt updates about new victims.

APIs, or Application Programming Interfaces, are widely employed to facilitate communication between software components based on predefined definitions and protocols.

VX-Underground, a malware research team, drew attention to this new section of ALPHV’s website; however, the “feature” appears to have been partially accessible for months, though not to the general public.

The ransomware group disclosed API calls that allow retrieval of information about new victims added to the leak site, or about updates posted since a specified date.

The gang also provided a crawler program written in Python to help retrieve the latest information from the data leak site.

The gang’s release of the API may stem from a decline in ransom payment rates, which dropped to a historic low of 34% in Q2. Amid this, certain attackers still profit significantly by targeting the supply chain; Clop, for instance, allegedly amassed over $75 million via the MOVEit data theft campaign.

Clop exploited a zero-day vulnerability in the MOVEit Transfer secure file transfer platform, and its campaign impacted numerous companies, including Estée Lauder (which was also breached by ALPHV/BlackCat), underscoring the severity of the breach. Estée Lauder did not respond to ALPHV’s ransom demands.

With fewer victims paying ransoms, ransomware groups are seeking new methods to apply pressure and extract payment.

About the Author:

FirstHackersNews - Identifies Security
