Ransomware Groups Posting Stolen Data Even After Payment

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Ransomware gangs are increasingly likely to break their promise not to leak stolen data once a victim has paid them, Coveware has warned.

The security vendor claimed in its analysis of Q3 2020 that data exfiltration is now a part of almost half of all ransomware attacks — used to drive monetization among victim organizations that have backed up.

However, the tactic has now reached a tipping point, with groups such as Sodinokibi, Maze, Netwalker, Mespinoza and Conti starting to publish data even after payment, and/or demand a second ransom be paid to prevent publication, Coveware claimed.

“Despite some companies opting to pay threat actors to not release exfiltrated data, Coveware has seen a fraying of promises of the cyber-criminals to delete the data,” it explained.

The vendor urged victim organizations to think carefully about their strategy and long-term liabilities when formulating a response.

“This includes getting the advice of competent privacy attorneys, performing an investigation into what data was taken, and performing the necessary notifications that result from that investigation and counsel,” it said. “Paying a threat actor does not discharge any of the above, and given the outcomes that we have recently seen, paying a threat actor not to leak stolen data provides almost no benefit to the victim.”

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top