Last week, the ALPHV ransomware group, also known as the BlackCat ransomware group announced they had implemented a searchable database that consists of leaked data from their victims who didn’t pay. The group clarified that they have indexed all the possible searchable results which allow for people to search by filename or by content available in documents and images. Currently, the results do not have the best accuracy but based on the claims by the ALPHV group, they implemented the search to make it easier for other cybercriminals to find passwords or confidential information about companies.
But the ALPHV ransomware group is not the only ransomware operation that has recently adopted this new strategy of having a searchable database. The LockBit ransomware group has also offered a search function through a redesigned version of their data leak site that allowed searching of their listed victims. Additionally, the Karakurt data extortion gang also has a search function on their leak site. However, it doesn’t seem to work correctly.
This new tactic of having a search function seems to be the next step in applying more pressure on victims to pay the ransoms and have their data removed from the leak sites to avoid the potential risk of lawsuits.