Ransomware group debuts searchable victim data(krebsonsecurity.com)
krebsonsecurity.com
Ransomware group debuts searchable victim data
https://krebsonsecurity.com/2022/06/ransomware-group-debuts-searchable-victim-data/
11 comments
How are they able to host a website on the public internet like that, without it being taken down? Is it in Russia or something?
Id be more concerned with the website being able to be taken down, i.e ISPs deciding that they are not going to route traffic to a particular IP address.
This has me thinking of a mitigation technique and that is: deliberately slow down the Internet connection of your company/vendor/whatever such that large volumes of data take an age to grab. Just like setting your language to Russian on the OS to stop ransomware from running (an old trick). Fast connections are a liability in some cases and in malware ridden machines it just makes exfiltration easier. Not saying damage won’t be done, but in some cases deliberately throttling connection speed is a win.
Uploads are already slower than downloads for residential.
Well they're hosting it directly, but there's a ton of paid services that let you do this.
On my end I'd love to be able to know how those middlemen make use of the data of who's asking for what... I always avoided tools like Shodan or data brokers while sticking to Tor and public wifi when possible because what you're looking up can tell a lot.
On my end I'd love to be able to know how those middlemen make use of the data of who's asking for what... I always avoided tools like Shodan or data brokers while sticking to Tor and public wifi when possible because what you're looking up can tell a lot.
So, like HaveIBeenPwned, but direct from the source?
I think not. More like Shodan for data. HaveIBeenPwned ostensibly
helps victims. This show is just upping the ante and moving to open
web visibility. What use is blackmailing anyone if you haven't got an
entertainments platform to deliver on? They must be extraordinarily
confident they are untouchable. If it helps anyone it's as an ironic
side effect. Think of this as the NSA but with doors wide open and
everything for sale for the lols.
Bingo! Their tagline should be, if you're here, you already know you're screwed.
I can't help but wonder if they're using the inputs for potential phishing attacks.
For certain high-value targets, perhaps they're lying, with the intent of getting them to initiate some sort of compromised password reset?
For certain high-value targets, perhaps they're lying, with the intent of getting them to initiate some sort of compromised password reset?