New Ransomware Extortion Tactic

NJCCIC Alert

Original Release Date: 1/5/2023

Summary

Ransomware operators often combine several extortion tactics to pressure victims into paying: encrypting files to deny access to them, stealing data, threatening a data breach by releasing the stolen data on public ransomware leak sites, auctioning victim data to other threat actors via the dark web, and conducting distributed denial-of-service (DDoS) attacks. The ALPHV/BlackCat ransomware group introduced a new extortion tactic: creating a copy of the victim’s website and publishing the stolen data on it, in the hope of pressuring and embarrassing victims into making ransom payments after initial ransom demands were not met.

In one reported case, the group compromised a financial services company and cloned the victim’s website, matching its appearance and using a lookalike (typosquatted) domain name. The clone did not reuse the original site’s headings to organize the leaked data, which included various documents, memos, payment forms, employee information, asset and expense records, financial data for partners, and passport scans. The cloned website gave a much larger public audience unrestricted and readily available access to this leaked data. The group also uploaded the data to a file-sharing service that permits anonymous uploads and distributed the link on its leak site. Other ransomware groups could adopt this tactic of hosting stolen data on a typosquatted domain to increase the likelihood of extortion and payment.
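A practical check against the tactic described above is to watch for lookalike registrations of your own domain before an attacker can put a cloned site on one. The following Python script is an added example, not part of the NJCCIC alert or the BleepingComputer reporting: it generates common typosquat variants of an organization's domain (character omission, repetition, transposition, homoglyph substitution, hyphenation, and TLD swaps) and flags any that appear in a list of newly observed domains, such as one would pull from certificate transparency logs or passive DNS. The domain examplebank.com, the homoglyph and TLD tables, and the OBSERVED list are constructed for illustration.

```python
# Added example (not part of the NJCCIC alert): generate lookalike variants of a
# domain and match them against a list of newly observed domains. The domain
# examplebank.com and the OBSERVED list below are constructed for illustration.

# Single-character look-alikes commonly used in typosquats (partial list, an assumption).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "m": "rn", "w": "vv"}
# TLDs to try in place of the organization's real one (partial list, an assumption).
TLDS = ("com", "net", "org", "co", "io", "info")


def _split(domain):
    """Return (label, tld) for a two-part domain such as 'examplebank.com'."""
    label, _, tld = domain.lower().rstrip(".").rpartition(".")
    return label, tld


def typosquat_candidates(domain):
    """Return the set of lookalike domains a registrant might use to impersonate `domain`."""
    label, tld = _split(domain)
    labels = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])                        # omission:      examplbank
        labels.add(label[:i + 1] + label[i] + label[i + 1:])         # repetition:    exampplebank
        if label[i] in HOMOGLYPHS:                                   # homoglyph:     examp1ebank
            labels.add(label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:])
    for i in range(len(label) - 1):                                  # transposition: exampelbank
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(1, len(label)):                                   # hyphenation:   example-bank
        labels.add(label[:i] + "-" + label[i:])
    # Edits on repeated letters (e.g. swapping 'ee') reproduce the original label; drop it.
    labels.discard(label)

    candidates = {f"{lbl}.{tld}" for lbl in labels}
    candidates.update(f"{label}.{t}" for t in TLDS if t != tld)     # TLD swap:      examplebank.co
    return candidates


def find_lookalikes(domain, observed):
    """Return the observed domains (e.g. from CT logs or passive DNS) that are typosquats of `domain`."""
    candidates = typosquat_candidates(domain)
    seen = {o.lower().rstrip(".") for o in observed}   # normalize case and trailing DNS dot
    return sorted(d for d in seen if d in candidates)


# Constructed sample: newly observed domains as a CT-log or passive-DNS feed might report them.
OBSERVED = [
    "examplebank.com",      # the legitimate domain itself; must not be flagged
    "exampelbank.com",      # transposed letters
    "examp1ebank.com",      # digit 1 in place of letter l
    "example-bank.com",     # inserted hyphen
    "examplebank.co",       # swapped TLD
    "unrelated.org",        # noise
]

if __name__ == "__main__":
    for hit in find_lookalikes("examplebank.com", OBSERVED):
        print(f"possible lookalike domain: {hit}")
```

The candidate set is limited to single-edit variants of a two-part domain; production tooling also covers multi-edit variants, internationalized (IDN) homoglyphs and subdomains. The same candidate list can be resolved through DNS on a schedule so that a registration that suddenly gains an A record, or a TLS certificate issued for it, raises an alert before a cloned site goes live.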

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Remain vigilant, keep systems up to date and apply patches as they become available, enable strong endpoint security, and enforce cyber hygiene. Additionally, implement a defense-in-depth strategy, segment networks, apply the Principle of Least Privilege, enable multi-factor authentication (MFA) where available, encrypt sensitive data at rest and in transit, create and test continuity of operations plans and incident response plans, and establish a comprehensive data backup plan that includes performing scheduled backups regularly, keeping an updated copy offline in a separate and secure location, and testing regularly. The NJCCIC provides further recommendations in the Ransomware: The Current Threat Landscape post and the Ransomware: Risk Mitigation Strategies technical guide. Incidents may be reported to local police departments, the FBI, and the NJCCIC. Further reporting can be found in the BleepingComputer article.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
