On their dark web site, hackers from the BlackCat group reported that they managed to hack into a company operating in the financial services industry. Since the victim did not comply with their requirements, the cybercriminals published everything stolen, but they approached the “punishment” creatively - they leaked the data to a site that almost completely copies the appearance of the victim’s site.
Anyone can access the site, because it is in the clearnet. Experts suggest that this is how hackers want to harm the victim even more, since now everyone can get access to the data.
Now on the site you can find 3.5 GB of documents, among which are:
- Memos to employees;
- Payment forms;
- Information about employees;
- Data on assets and expenses;
- Financial data of the victim's clients;
- Passport scans of the victim's clients.
According to Brett Callow, a threat analyst at Emsisoft, leaking data to a fake site with a misspelled domain name will be a much bigger problem for the victim company than spreading data using sites on the darknet. In his opinion, this unusual tactic could become popular among cyber-ransomware, as it is easy to reproduce and can be extremely effective.