{"id":593864,"date":"2023-01-04T05:49:14","date_gmt":"2023-01-04T11:49:14","guid":{"rendered":"https:\/\/news.sellorbuyhomefast.com\/index.php\/2023\/01\/04\/this-devious-attack-could-be-the-next-evolution-of-ransomware\/"},"modified":"2023-01-04T05:49:14","modified_gmt":"2023-01-04T11:49:14","slug":"this-devious-attack-could-be-the-next-evolution-of-ransomware","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2023\/01\/04\/this-devious-attack-could-be-the-next-evolution-of-ransomware\/","title":{"rendered":"This devious attack could be the next evolution of ransomware"},"content":{"rendered":"<article aria-label=\"article\" data-id=\"8p5Rpj4m9hjNkQt5afLfnS\">\n<section>\n<div itemprop=\"image\" itemscope itemtype=\"https:\/\/schema.org\/ImageObject\">\n<div>\n<picture><source type=\"image\/webp\" alt=\"ransomware avast\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\"><source type=\"image\/jpeg\" alt=\"ransomware avast\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\"><img decoding=\"async\" 
src=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ-320-80.jpg\" alt=\"ransomware avast\" onerror=\"if(this.src &#038;&#038; this.src.indexOf('missing-image.svg') !== -1){return true;};this.parentNode.replaceChild(window.missingImage(),this)\"   data-original-mos=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\" data-pin-media=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\"><\/picture>\n<\/div>\n<p><meta itemprop=\"url\" content=\"https:\/\/cdn.mos.cms.futurecdn.net\/ioiGboNmGxjo77hGKRFefJ.jpg\"><br \/>\n<meta itemprop=\"height\" content=\"600\"><br \/>\n<meta itemprop=\"width\" content=\"338\"><figcaption itemprop=\"caption description\">\n<span itemprop=\"copyrightHolder\">(Image credit: Avast)<\/span><br \/>\n<\/figcaption><\/div>\n<div id=\"article-body\">\n<p>A ransomware operator has created a fake website of one of its victims and used it to publish sensitive content stolen in a <a href=\"https:\/\/www.techradar.com\/best\/best-ransomware-protection\" target=\"_blank\" rel=\"noopener\">ransomware<\/a> attack.<\/p>\n<p>The approach is novel, and some security researchers believe it to be a way of weaponizing the victim\u2019s clients.<\/p>\n<p>Threat actors known as ALPHV (also known as BlackCat) recently launched a successful ransomware attack against a financial services company, making off with 3.5GB of sensitive documents, including staff memos, payment forms, employee data, assets and expenses, financial data for partners, passport scans, and similar.<\/p>\n<h2 id=\"typosquatted-domains\">Typosquatted domains<\/h2>\n<p>The threats of leaking the data to the public obviously didn\u2019t work with the victim company, which evidently decided not to pay the ransom demand.<\/p>\n<p>However, ransomware operators usually leak stolen data on the dark web, where it\u2019s available mostly to other criminals and security researchers. 
This time around, ALPHV created a website on a typosquatted domain, which looks and feels almost identical to the legitimate website of the victim.<\/p>\n<p>Speaking to <em>BleepingComputer<\/em>, Brett Callow, threat analyst at Emsisoft, said leaking the data via a typosquatted domain could be a more damaging approach: \u201cI wouldn&#8217;t be at all surprised if Alphv had attempted to weaponize the firm&#8217;s clients by pointing them to that website,\u201d Callow said.<\/p>\n<p>We will have to wait and see what the results of this approach will be, but it\u2019s safe to assume that if it\u2019s successful, we\u2019ll be seeing a lot more typosquatted websites leaking sensitive corporate data.<\/p>\n<p>Ransomware is an ever-evolving threat. At first, the attackers would simply encrypt all of the files on target endpoints and demand payment in bitcoin.<\/p>\n<p>When businesses started deploying backups, the criminals started stealing sensitive data and threatening to leak it online. 
In some cases, this attack is also followed by a Distributed Denial of Service (DDoS) attack that disrupts the front-end, as well as intimidation and persuasion via telephone and email.<\/p>\n<p>Via: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data\/\" target=\"_blank\" data-url=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data\/\" rel=\"noopener\">BleepingComputer<\/a><\/p>\n<\/div>\n<div data-reactroot id=\"slice-container-authorBio\">\n<p>Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he\u2019s written for numerous media outlets, including Al Jazeera Balkans. 
He\u2019s also held several modules on content writing for Represent Communications.<\/p>\n<\/div>\n<\/section>\n<p><a href=\"https:\/\/www.techradar.com\/news\/this-devious-attack-could-be-the-next-evolution-of-ransomware\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n Gaylene Lanz<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Home News Computing (Image credit: Avast) A ransomware operator has created a fake website of one of its victims and used it to publish sensitive content stolen in a ransomware (opens in new tab) attack.\u00a0The approach is a novelty that some security researchers believe to be a way of weaponization of the victim\u2019s clients.Threat actors<\/p>\n","protected":false},"author":1,"featured_media":593865,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[313,23070,46],"tags":[],"class_list":{"0":"post-593864","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-attack","8":"category-devious","9":"category-technology"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593864","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=593864"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/593864\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/593865"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.ph
p\/wp-json\/wp\/v2\/media?parent=593864"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=593864"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=593864"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}