Ransomware groups find new way of extorting companies
Multiple ransomware threat actors are creating sites to leak the stolen data of non-paying victims or selling data exposed in their attacks on the black market, research shows.
The authors of at least seven ransomware families have created “news” sites to publish stolen data, according to cybersecurity expert Lawrence Abrams, the creator of BleepingComputer.com.
The groups have been quick to follow in the footsteps of Maze, the first ransomware company to create a site to publish stolen data as a further extortion attempt.
Ransomware actors Sodinokibi, Nemty, DoppelPaymer, Nefilm Ransomware, CLOP Ransomware and Sekhmet Ransomware have recently published data leak sites, Abrams said.
The sites follow a similar format, with a landing page linking to the data of victims who have refused to pay.
Meanwhile, hackers have started to distribute the stolen data on deep web forums, and chatter suggests that hackers who have purchased the link have found valuable information including credit card numbers and tax reporting forms.
Abrams said these developments underscore the fact that all ransomware attacks must be considered data breaches, because attackers are increasingly sifting through the compromised information before encrypting it.
This has implications for employees and customers impacted by the attacks, because too many ransomware attacks are going undisclosed to even to the victims of data theft.
Secure-by-design software development for digital innovation
The rise of DevSecOps methodologies and developments in AI offers every business the opportunity...
Bolstering AI-powered cybersecurity in the face of increasing threats
The escalation of complex cyber risks is becoming a pressing issue for those in business...
How attackers are weaponising GenAI through data poisoning and manipulation
The possibility for shared large language models to be manipulated through data poisoning...
