In an audacious shift in strategy, the infamous ransomware collective ALPHV, also known as BlackCat, is raising the stakes by offering an API for their data leak site. This move, aiming to boost the visibility of their attacks, comes on the heels of a standoff with beauty product giant Estée Lauder, which refused to negotiate ransom with the cybercriminals.
The ALPHV/BlackCat syndicate made noticeable changes to its leak site this week, unveiling a new page with instructions on how to use its API, or Application Programming Interface. An API is a defined set of requests and responses through which one piece of software communicates with another.
As discussed in a recent Twitter thread by the malware research group VX-Underground, the feature isn't a fresh innovation from the gang: it has been accessible for months, but only to a select group of insiders. Now the API calls, which return details about new victims added to the leak site and updates since a given date, are open to the public.
The group's site explains that the new feature allows users to "fetch updates since the beginning and synchronize each article with your database. After that any subsequent updates call should supply the most recent 'updatedDt' from previously synchronized articles + 1 millisecond."
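The quoted instructions describe a standard watermark-based incremental sync: fetch everything once, then on each later call pass the newest 'updatedDt' you have already stored plus one millisecond, so the server does not re-send the last record. The "+ 1 millisecond" rule only makes sense if the server's "since" filter is inclusive, which is an inference here, not something the page states. The example below is added for this article and is not the group's crawler or any code from the leak site; it runs entirely against a constructed in-memory feed (no network, no real endpoint or URL) and models how a threat-intelligence pipeline would keep a local copy of such a feed consistent and free of duplicates.

```python
"""Watermark-based incremental sync, modelled on the "updatedDt + 1 ms" rule.

Added illustration: the feed, article fields and timestamps are constructed;
nothing here contacts a network or a real leak-site API.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Article:
    id: str
    title: str
    updated_dt: int  # epoch milliseconds, standing in for the feed's 'updatedDt'


# Constructed sample feed, already sorted by updated_dt for readability.
FEED: List[Article] = [
    Article("a1", "article one", 1_690_000_000_000),
    Article("a2", "article two", 1_690_000_000_500),
    Article("a3", "article three", 1_690_000_001_000),
]


def fetch_updates(feed: List[Article], since_ms: Optional[int]) -> List[Article]:
    """Simulated 'updates since' call.

    Assumption (inferred from the +1 ms rule): the server filter is inclusive,
    i.e. it returns every article with updated_dt >= since_ms.
    """
    rows = feed if since_ms is None else [a for a in feed if a.updated_dt >= since_ms]
    return sorted(rows, key=lambda a: a.updated_dt)


class LocalStore:
    """Local database mirror keyed by article id, plus the sync watermark."""

    def __init__(self) -> None:
        self.articles: Dict[str, Article] = {}
        self.watermark: Optional[int] = None  # newest updated_dt seen so far

    def sync(self, feed: List[Article]) -> int:
        """Run one sync round against `feed`; return the number of articles received."""
        # First call: no watermark, fetch from the beginning.
        # Later calls: most recent updated_dt + 1 ms, exactly as the instructions say.
        since = None if self.watermark is None else self.watermark + 1
        batch = fetch_updates(feed, since)
        for article in batch:
            # Upsert by id: a modified article arrives with a newer updated_dt and
            # simply replaces the stored row, so re-deliveries are harmless.
            self.articles[article.id] = article
        if batch:
            self.watermark = max(a.updated_dt for a in batch)
        return len(batch)


def updated_feed() -> List[Article]:
    """Constructed second snapshot: article a1 was edited and a4 was added."""
    unchanged = [a for a in FEED if a.id != "a1"]
    return unchanged + [
        Article("a1", "article one (edited)", 1_690_000_002_000),
        Article("a4", "article four", 1_690_000_002_500),
    ]


if __name__ == "__main__":
    store = LocalStore()
    print("initial sync received:", store.sync(FEED))            # 3
    print("repeat sync received:", store.sync(FEED))             # 0, thanks to the +1 ms
    print("without +1 ms we would refetch:",
          len(fetch_updates(FEED, store.watermark)))             # 1 duplicate
    print("after feed changed, received:", store.sync(updated_feed()))  # 2
    print("stored articles:", sorted(store.articles))            # a1..a4
```

The watermark trick assumes the server delivers every article carrying the watermark timestamp in the same response; if the real API pages results and two articles share a millisecond across a page boundary, adding 1 ms can skip one, so a conservative client re-fetches from the watermark itself and relies on the id-keyed upsert to discard the duplicate.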
The malefactors have also provided a Python crawler for visitors to conveniently fetch the latest updates from the data leak site.
While the ransomware group has not explicitly said why it's making the API publicly accessible, security researchers suggest it might be a desperate response to dwindling ransom payments and victims' increasing reluctance to negotiate.
The fact that Estée Lauder, ALPHV/BlackCat's most recent victim, rebuffed all attempts at negotiation seems to have prompted the group to escalate its tactics. This incident underscores the changing landscape of ransomware attacks, highlighting a potential trend where companies are becoming more resilient and less intimidated by data leaks, rendering the old ransom demands futile.
Although this new strategy of leveraging APIs to increase the visibility of leaks may appear to be a step up, the broader cybersecurity community views it as a desperate move likely to backfire. As companies continue to develop robust security strategies and become unfazed by such threats, the long-term efficacy of this new tactic remains doubtful.
Using specialized software like Bitdefender Ultimate Security can keep you safe from ransomware and other cyberthreats. Key features include: