So AlphV (aka BlackCat) is trying something different again. This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim's cyberinsurance policy does not cover extortion, and their research into the victim (Tipalti) and one of the victim's clients (Roblox) suggests that their usual approach will not work. They intend to try to extort those firms and Twitch, all individually.
They even cite an academic reference on the potential benefit of paying ransom.
This listing is not the nasty approach that we've seen in some other listings on that leak site. But we'll see what happens if or when the victims don't respond.
I've sent an inquiry to Tipalti who is probably already swamped and running around trying to figure out what happened. AlphV claims to have been in multiple systems of theirs since September 8. Whether that's true or not remains to be seen.
#databreach #infosec #cybersecurity #ransom
#extortion #AlphV #BlackCat
npub1jahygzcn6e08fzlexp3zwx6wfn4erf2zmxay9jw4j6ctkv0c2qhsdm0scu (npub1jah…0scu) npub1wf44gvmu4g6x0gwwjgrnlw0f8dxmvx7h929k057wwv8hwa8clq6snr94wn (npub1wf4…94wn) npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh (npub1zj4…fyjh) npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux (npub17lg…9uux) npub1wnvh9t58l7gen6c7ftk8z9fdd3caqh4jd7sf4mdm5p8v5lz0ljfsej899h (npub1wnv…899h)
Dissent Doe :cupofcoffee: /
npub1rh…klmka
2023-12-03 13:04:56
Author Public Key
npub1rh9ks6jqam8nj4kccfk505f70erhhq0g0kcr6w32c5ywyqgltdpsmklmkaSeen on
wss://relay.nostr.bandPublished at
2023-12-03 13:04:56Event JSON
{
"id": "857436cd964c9daa490e79359a130ccaf316616496cb7d77561a7dea7c9bc97f",
"pubkey": "1dcb686a40eecf3956d8c26d47d13e7e477b81e87db03d3a2ac508e2011f5b43",
"created_at": 1701608696,
"kind": 1,
"tags": [
[
"p",
"976e440b13d65e748bf93062271b4e4ceb91a542d9ba42c9d596b0bb31f8502f",
"wss://relay.mostr.pub"
],
[
"p",
"726b54337caa3467a1ce92073fb9e93b4db61bd72a8b67d3ce730f7774f8f835",
"wss://relay.mostr.pub"
],
[
"p",
"14abadff65ae6c637f0ad1ad1212192e0e5937571a4a0d6331ab9f5a661ae9f5",
"wss://relay.mostr.pub"
],
[
"p",
"f7d0478e54eaa6e0cc98adf81d712148bce169a2c21b1c0f7a4ed446c6adc09e",
"wss://relay.mostr.pub"
],
[
"p",
"74d972ae87ff9199eb1e4aec71152d6c71d05eb26fa09aedbba04eca7c4ffc93",
"wss://relay.mostr.pub"
],
[
"p",
"c53d10d989799b5a527aea8350d69c5aefdef78a92ab77240eea850c6c72ea41",
"wss://relay.mostr.pub"
],
[
"p",
"1a5ac5b37984c5e37a11bc914029a81f025326ea7950c9475d9a3f21a494cb56",
"wss://relay.mostr.pub"
],
[
"p",
"5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"wss://relay.mostr.pub"
],
[
"p",
"f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"wss://relay.mostr.pub"
],
[
"p",
"979a28fa43702f9be4e468836a5b120cc4265237f4295fcb4a9b28e2a71d1c6b",
"wss://relay.mostr.pub"
],
[
"t",
"databreach"
],
[
"t",
"infosec"
],
[
"t",
"cybersecurity"
],
[
"t",
"ransom"
],
[
"t",
"extortion"
],
[
"t",
"ALPHV"
],
[
"t",
"blackcat"
],
[
"proxy",
"https://infosec.exchange/users/PogoWasRight/statuses/111516627530548764",
"activitypub"
]
],
"content": "So AlphV (aka BlackCat) is trying something different again. This time, it seems they are claiming a victim before they have even attempted to contact the victim or extort them. They post no proof of claims. They state that they are taking this approach because the victim's cyberinsurance policy does not cover extortion, and their research into the victim (Tipalti) and one of the victim's clients (Roblox) suggests that their usual approach will not work. They intend to try to extort those firms and Twitch, all individually. \n\nThey even cite an academic reference on the potential benefit of paying ransom.\n\nThis listing is not the nasty approach that we've seen in some other listings on that leak site. But we'll see what happens if or when the victims don't respond. \n\nI've sent an inquiry to Tipalti who is probably already swamped and running around trying to figure out what happened. AlphV claims to have been in multiple systems of theirs since September 8. Whether that's true or not remains to be seen. \n\n#databreach #infosec #cybersecurity #ransom \n#extortion #AlphV #BlackCat \n\nnostr:npub1jahygzcn6e08fzlexp3zwx6wfn4erf2zmxay9jw4j6ctkv0c2qhsdm0scu nostr:npub1wf44gvmu4g6x0gwwjgrnlw0f8dxmvx7h929k057wwv8hwa8clq6snr94wn nostr:npub1zj46mlm94ekxxlc26xk3yyse9c89jd6hrf9q6ce34w045es6a86sqzfyjh nostr:npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux nostr:npub1wnvh9t58l7gen6c7ftk8z9fdd3caqh4jd7sf4mdm5p8v5lz0ljfsej899h",
"sig": "f66f3af15505c33d78811798117defcbb23ae27bb7a5a1e341b5926a767e97bb30f89508beb98d7de36c3261bd326528afc70ecd2a3967a26652bd5632bf9bea"
}