{
	"id": "fac0286b-2c0d-4b15-8041-9794b381b026",
	"created_at": "2026-04-06T00:16:22.685985Z",
	"updated_at": "2026-04-10T03:29:39.867319Z",
	"deleted_at": null,
	"sha1_hash": "4667de7eccc1526e871db9aba94722638932f91a",
	"title": "Ransomware gang creates site for employees to search for their stolen data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1658284,
	"plain_text": "Ransomware gang creates site for employees to search for their stolen\r\ndata\r\nBy Lawrence Abrams\r\nPublished: 2022-06-14 · Archived: 2026-04-05 12:35:42 UTC\r\nThe ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that\r\nallows the customers and employees of their victim to check if their data was stolen in an attack.\r\nWhen ransomware gangs conduct attacks, they quietly steal corporate data. After harvesting everything of value, the threat\r\nactor starts to encrypt devices.\r\nThe stolen data is then used in double-extortion schemes, where the hackers demand a ransom payment to deliver a\r\ndecryptor and prevent the public release of corporate data.\r\nTo pressure victims into paying, ransomware gangs create data leak sites where they slowly release portions of the stolen\r\ndata or email customers and employees warning them that their info was stolen. 
\r\nClop ransomware gang emailing a victim's customer\r\nHowever, these extortion techniques do not always work, and companies simply decide not to pay even though their\r\ncorporate, employee, and customer data is at risk of being leaked.\r\nFor this reason, ransomware gangs constantly evolve their tactics to apply additional pressure on victims.\r\nTaking extortion to the next level\r\nToday, the AlphV/BlackCat ransomware operation began releasing data that they claim was stolen from a\r\nhotel and spa in Oregon.\r\nAs part of this attack, the ransomware gang claims to have stolen 112GB of data, including employee information, such as\r\nSocial Security Numbers, for 1,500 employees.\r\nHowever, instead of just leaking the data on their normal Tor data leak site, the ransomware gang took it a step further and\r\ncreated a dedicated website allowing employees and customers to check if their data was stolen during the attack on the\r\nhotel.\r\nVictim's search data leak site\r\nSource: BleepingComputer\r\nUsing this site, employees, customers, or anyone for that matter, can see information about hotel guests and their stays or the\r\npersonal data of 1,534 employees.\r\nWhile the customer guest data only contains names, arrival date, and stay costs, the employee data includes extremely\r\nsensitive information, such as names, Social Security Numbers, date of birth, phone numbers, and email addresses.\r\nThe threat actors even went as far as to create \"data packs\" for each employee that contain files related to that person's\r\nemployment at the hotel.\r\nAs this site is hosted on the clear web, i.e. 
the public internet, it is indexable by search engines, and the exposed information\r\nwill likely be added to search results, potentially making this even worse for victims.\r\nInnovative or a waste of time?\r\nThe goal of this site is clear: to scare employees and guests into demanding the hotel remove their data from the web, which\r\ncan only be done by paying a ransom.\r\nEmsisoft security analyst Brett Callow, who discovered this new extortion strategy and shared it with BleepingComputer,\r\nsaid that while the tactic is innovative, it is too early to tell if it will pay off.\r\n\"Alphv is no doubt hoping that this tactic will increase the probability of them monetizing attacks. If companies know that\r\ninformation relating to their customers and employees will be made public in this manner, they may be more inclined to pay\r\nthe demand to prevent it from happening - and to avoid potentially being hit with class action lawsuits,\" Callow told\r\nBleepingComputer in a conversation.\r\n\"While it's an innovative approach, it remains to be seen whether the strategy will be successful - and, of course, that will\r\ndetermine whether it becomes more commonplace.\"\r\nAlphV is believed to be a rebrand of the DarkSide/BlackMatter gang responsible for the attack on Colonial Pipeline, which\r\nthrust these hacking groups into the media's attention and focused the full attention of international law enforcement and the\r\nUS government.\r\nThis ransomware gang has always been considered one of the top-tier ransomware operations. 
However, they are\r\nalso known for the mess-ups and crazy ideas that get them in trouble.\r\nSetting up this website with individual employee data packs was definitely a time-consuming task for the ransomware gang.\r\nWe will have to wait and see whether the effort pays off.\r\nSource: https://www.bleepingcomputer.com/news/security/ransomware-gang-creates-site-for-employees-to-search-for-their-stolen-data/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/ransomware-gang-creates-site-for-employees-to-search-for-their-stolen-data/"
	],
	"report_names": [
		"ransomware-gang-creates-site-for-employees-to-search-for-their-stolen-data"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434582,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4667de7eccc1526e871db9aba94722638932f91a.pdf",
		"text": "https://archive.orkl.eu/4667de7eccc1526e871db9aba94722638932f91a.txt",
		"img": "https://archive.orkl.eu/4667de7eccc1526e871db9aba94722638932f91a.jpg"
	}
}