BleepingComputer reports that the ALPHV/BlackCat ransomware group has added an API to its data leak site in an effort to better track its victims, following its unsuccessful attempt to extract a ransom from recently breached U.S. multinational cosmetics company Estee Lauder.
Both API calls and a Python-based crawler have been posted by ALPHV/BlackCat on its leak site to facilitate the retrieval of information regarding its new victims, according to various researchers.
"Fetch updates since the beginning and synchronize each article with your database. After that any subsequent updates call should supply the most recent 'updatedDt' from prevoiusly [sic] synchronized articles + 1 millisecond," noted ALPHV/BlackCat on its leak site.
Although the API was only recently discovered, VX-Underground noted that it has been partially available for the past few months. ALPHV/BlackCat may have turned to the technique amid declining ransom payments by impacted organizations.
Data leak site API integrated by ALPHV/BlackCat ransomware