Ransomware groups find new way of extorting companies
Multiple ransomware threat actors are creating sites to leak the stolen data of non-paying victims or selling data exposed in their attacks on the black market, research shows.
The authors of at least seven ransomware families have created “news” sites to publish stolen data, according to cybersecurity expert Lawrence Abrams, the creator of BleepingComputer.com.
The groups have been quick to follow in the footsteps of Maze, the first ransomware company to create a site to publish stolen data as a further extortion attempt.
Ransomware actors Sodinokibi, Nemty, DoppelPaymer, Nefilm Ransomware, CLOP Ransomware and Sekhmet Ransomware have recently published data leak sites, Abrams said.
The sites follow a similar format, with a landing page linking to the data of victims who have refused to pay.
Meanwhile, hackers have started to distribute the stolen data on deep web forums, and chatter suggests that hackers who have purchased the link have found valuable information including credit card numbers and tax reporting forms.
Abrams said these developments underscore the fact that all ransomware attacks must be considered data breaches, because attackers are increasingly sifting through the compromised information before encrypting it.
This has implications for employees and customers impacted by the attacks, because too many ransomware attacks are going undisclosed to even to the victims of data theft.
Accelerating the adoption of passkeys without compromising user experience
We need authentication methods that remove the human element from the equation, and that's...
Modern CISOs must throw out the traditional cybersecurity playbook
The primary imperative for today's CISOs should be to align the security agenda with business...
AI agents: securing the 'artificial workforce'
Just as they would with new employees, security teams will need to define access policies for...
