We appear to have reached the next stage in the evolution of ransomware (opens in new tab), as operators now allow people to search through the files stolen from companies that declined to pay up.
Multiple ransomware operators are reportedly now adding the feature to their leak sites – and while some have done a poor job, as their engines didn’t exactly work as intended, others appear to have successfully pulled it off.
In the case of BlackCat (AKA ALPHV), not only does the search engine work, but the files were also indexed, allowing visitors to search by specific keywords or file types, making it easier for other cybercriminals to find sensitive data, and possibly attack other firms with malware (opens in new tab) and ransomware, as well.
Finding passwords faster
LockBit is another threat actor that introduced the same functionality to its website, and although it’s not as advanced as BlackCat’s, it still works relatively well. Karakurt’s search engine, however, was shown as malfunctioning.
By allowing victims, other threat actors, and anyone else, to quickly and easily go through terabytes of stolen data, ransomware operators want to exert additional pressure on the victim, to have them pay the ransom.
If the victim’s client, or customer, sees their data exposed to the public in this way, they might try and persuade them to pay the ransom and have that data removed from the web as soon as possible.
This is just another step, in a long line of moves cybercriminals have been pulling, since the inception of ransomware, all with the goal of incentivizing payment.
In the early days, when businesses declined to pay up, threat actors started both encrypting and stealing data, threatening to release it to the public.
When that, too, failed to convince the victims, they started bullying them with phone calls and threatening emails. In some cases, ransomware attacks are also followed up with distributed denial of service (DDoS) attacks, clogging the front-end with bogus traffic, and paralyzing the business both from the customer-facing side, as well as from the back-office.