Ransomware groups find new way of extorting companies
Multiple ransomware threat actors are creating sites to leak the stolen data of non-paying victims or selling data exposed in their attacks on the black market, research shows.
The authors of at least seven ransomware families have created “news” sites to publish stolen data, according to cybersecurity expert Lawrence Abrams, the creator of BleepingComputer.com.
The groups have been quick to follow in the footsteps of Maze, the first ransomware company to create a site to publish stolen data as a further extortion attempt.
Ransomware actors Sodinokibi, Nemty, DoppelPaymer, Nefilm Ransomware, CLOP Ransomware and Sekhmet Ransomware have recently published data leak sites, Abrams said.
The sites follow a similar format, with a landing page linking to the data of victims who have refused to pay.
Meanwhile, hackers have started to distribute the stolen data on deep web forums, and chatter suggests that hackers who have purchased the link have found valuable information including credit card numbers and tax reporting forms.
Abrams said these developments underscore the fact that all ransomware attacks must be considered data breaches, because attackers are increasingly sifting through the compromised information before encrypting it.
This has implications for employees and customers impacted by the attacks, because too many ransomware attacks are going undisclosed to even to the victims of data theft.
Aussie corporate clouds under fire amid COVID-19 crisis
External attacks on Australian corporate cloud accounts have surged 630% as a result of the...
DTA releases latest COVIDSafe update
The Digital Transformation Agency has incorporated new security and accessibility enhancements...
Australia condemns state attacks on health infrastructure
Australia's Ambassador for Cyber Affairs has condemned state-backed malicious actors that are...
