“Ransomware Attacks Are Now Data Breaches:” Criminals Threaten to Identify Victims and Release Data

In the last few days, the cyber criminals behind the Maze ransomware created a public website where they identify their victims who have chosen to rebuild their operations rather than yield to the ransom demands. The move is part of the criminals’ signaling that they will publish the data stolen from their victims if they don’t pay. “For years, ransomware developers and affiliates have been telling victims that they must pay the ransom or stolen data would be publicly released,” said cybersecurity researcher and BleepingComputer founder Lawrence Adams. “While it has been a well-known secret that ransomware actors snoop through victim’s data, and in many cases steal it before the data is encrypted, they never actually carried out their threats of releasing it,” he added. Abrams said that changed at the end of last month, when the criminals behind Maze threatened a company that if it did not pay the ransom, they would release their files. When they did not receive a payment, they released 700MB worth of data on a hacking forum. “Ransomware attacks are now data breaches,” Abrams observed. The criminals pushing Maze aren’t the only ones who have taken this step; the threat actors behind the Sodinokibi/rEvil ransomware campaign announced on a popular Dark Web forum that they also plan to start using stolen files and data as public leverage to get victims to pay ransoms. Read the articles at Krebs on Security and Bleeping Computer.