New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


Ransomware Threat groups Add Search feature to Websites

Two Ransomware groups have added a search feature to their leaked data websites to make it easier to find victims that have been listed on the website and even some specific details. ALPHV/BlackCat was the first to announce that they had made this change and that the websites can be searched by file name, company name, or by content available within documents and images. Last week, Bleeping Computer noticed that LockBit had also added a search feature to their leak site. The LockBit search function does not seem as advanced as the other, and limits searches to victim names only.

Analyst Notes

Searchable leak sites are a new idea being adopted by ransomware groups and it likely that others will also follow. Ransomware groups will often quickly adopt new features that are perceived to add value, in order to remain competitive. Searchable leaked data websites increase the pressure on victims of ransomware. Previously, even if the data was posted it would have to be sifted through manually to find information that could be used to harm the company. With files now becoming searchable, other threat actors will have an easier time searching for credentials and other sensitive information.