BlackCat ransomware crims threaten to directly extort victim’s customers

December 5, 2023 at 07:36AM

AlphV/BlackCat, a ransomware group, threatens to extort clients of Tipalti, an accounting software vendor it claims to have breached since September, obtaining 265GB of data. Instead of directly targeting Tipalti, which is likely not to pay due to insurance limitations, they plan to pressure high-profile clients like Roblox and Twitch. Tipalti is thoroughly investigating, while experts comment on ransomware gangs’ evolving tactics.

Meeting Takeaways:

1. The AlphV/BlackCat ransomware group has claimed responsibility for an attack on the accounting software vendor Tipalti, alleging that they have exfiltrated over 265GB of confidential data from Tipalti’s systems since September 8.

2. Tipalti is aware of these claims and is conducting a thorough investigation into the allegations of the cyberattack and data breach.

3. The AlphV/BlackCat ransomware group is attempting a direct extortion scheme against Tipalti’s clients, having assessed that Tipalti is unlikely to pay because its cyber insurance policy does not cover extortion and because of the company’s previous internal stance on not engaging with cybercriminals.

4. The targeted clients for extortion are currently known to include Roblox and the streaming platform Twitch, with the gang threatening to publish stolen data gradually to damage the companies’ reputations if their extortion demands are not met.

5. Roblox has been mentioned specifically due to a previous extortion incident in July 2022, with AlphV/BlackCat indicating they are willing to take additional measures by extorting Roblox’s stakeholders, including game developers.

6. The AlphV/BlackCat group has already started contacting victims, specifically organizations from which it claims to have stolen the most data.

7. Security experts Dirk Schrader and Brett Callow have noted that the tactic of extorting indirect victims is not surprising and is in line with the ransomware groups’ continual adaptation of tactics and weaponizing of the press.

8. Schrader emphasizes the need for organizations, including their supply chains, to prepare for these evolved cyber threats by managing data, identities, infrastructure, and assessing third-party risk.

9. Tipalti’s other high-profile customers that have been mentioned include Discord, Canva, GoDaddy, and Twitter/X. The majority did not respond to inquiries about the incident, except for used car dealer Cazoo, which plans to conduct internal inquiries.

10. A spokesperson from Tipalti has commented that the security of their systems and data is taken seriously, and they have robust security measures in place.

11. Communication with X’s press email yielded an auto-reply without substantial information after the recent layoffs of the communication team post-takeover by Musk.