Recently, the BlackCat group (AlphV) published stolen data allegedly belonging to employees and guests of a hotel in Oregon. The group claimed to have stolen 112 GB of data on 1,534 employees.
Instead of just publishing the data on its Tor data leak site, the ransomware gang created a dedicated website that lets employees and customers check whether their data was stolen during the attack on the hotel. The website exposes information about guests and the personal data of 1,534 employees. For each hotel worker, the BlackCat group has created data packages that contain files related to the employee’s work at the hotel.
Guest data contains only names, arrival date and cost of accommodation, while employee data includes confidential information:
- Social Security Number (SSN);
- date of birth;
- phone number;
- email address.
Since this site is hosted on the public Internet, it is indexed by search engines. As a result, the disclosed information may appear in search results, which will further aggravate the situation for victims. The purpose of the site is to intimidate employees and guests into demanding that the hotel have the data deleted from the Internet, which can only be done by paying a ransom to the extortionists.
“Alphv hopes that this tactic will increase the monetization of attacks. If a company finds out that information about customers and employees will be made public in this way, the organization will be more inclined to pay a ransom to prevent data leakage and possible class actions,” said Emsisoft security analyst Brett Callow, who discovered the new extortion strategy.
“This is an innovative approach, but it is not yet known whether this strategy will be successful and widespread,” Callow said.