A new extortion strategy which is being used by the Industrial Spy has been identified where they gain access to their victim’s corporate websites to publicly display ransom notes. The first incident of this new strategy was seen on Thursday 2nd of June 2020, when Industrial Spy started to sell data, which they claim was stolen from the French company, SATT Sud-Est for $500,000. Although this incident stood out to the security researcher MalwareHunterTeam as it was clear that the threat actors had also hacked the SATT Sud-Est’s website to display a message warning that 200GB had been stolen and would soon be up for sale if the victim did not pay a ransom.
There is a belief that this new tactic will not see widespread use by ransomware groups as web servers for most victims are not hosted on corporate networks but with external hosting providers instead. Therefore, threat actors would need to find a vulnerability on the website or gain access to credentials when they steal data from internal networks.