Researchers and analysts who track developments in ransomware leak sites are buzzing this morning about a post by the AlphV (“BlackCat”) threat actors.
Normally, threat actors try to extort their victims and then, if the victims do not pay or respond, they start leaking information about the attack and any data.
This time, AlphV is naming its victims and announcing that it will attempt to extort them and at least two of their clients before the victims have ever been contacted at all. The main victim is Tipalti and its to-be-extorted clients are Roblox and Twitch.
AlphV explains why it is taking this unusual approach. In reading the following, remember that none of AlphV’s claims have been confirmed or responded to yet by Tipalti:
Outing victims before they even get a chance to respond is a bad business practice, but given that Tipalti’s insurance policy does not cover cyber extortion and considering the behavior of the executive team in general, observed through internal communications, we believe the likelihood of them reaching out on our terms is unlikely, regardless of the sensitivity of data in question. Another justification for this outing is due to us identifying a previous extortion attempt that occurred last year by a different group where the Roblox company engaged in excessive stalling, over a considerable period of time – we observed that no payment was made in this case. We will treat potential smart-asses like the filthy criminals they are. If these 2 victims do not pay up, we will engage in the publication of data in multiple phases, over the next few months, to maximise the impact to the companies and affected clients. In the case of Roblox, we plan to individually extort affected parties such as their creators, for who we have significant confidential for, including tax documents.
Cybernews and DataBreaches.net have more on this developing story.