Ransomware Authors Releasing Data of Victims who are not paying the Ransom

A ransomware infection can be very destructive for a company or government organization; however, the cyber-criminals developing it are trying to make things even worse for victims. Once ransomware encrypts users’ crucial files and data stored on their systems, it holds all the data hostage until the victims pay the attackers a ransom to unlock it. But now, the attackers are also threatening to reveal the vital data online if the ransom is not paid on time.

In December 2019, developers of the Sodinokibi ransomware threatened to take such steps at an underground Russian hacker group meeting. The post was shared with the community by security researcher Damian, who discovered that UNKN, the public-facing representative of the ransomware, had posted the threat. Such a tactic has been seen before with Maze, another ransomware variant, whose operators published 700 MB of data stolen from Allied Universal. At the time, this was believed to be only 10% of the data the hackers had stolen while simultaneously conducting ransomware operations. The data was released in response to payment not being made by the victim. Sodinokibi has now followed suit.

We all benefit from encryption when it keeps our files and communications private, but the same technique makes ransomware possible. A crypto-virus can target individuals, but the actors behind these operations have increasingly targeted companies with deeper pockets than the average computer user. Upon infecting a PC, ransomware encrypts important files and deletes the originals. To retrieve the files, the victim has to pay a ransom (usually in Bitcoin) in exchange for the decryption key.

UNKN has made similar threats in the past, namely against Travelex and CDH Investments; however, those threats were not acted upon. That now appears to have changed with an announcement from one of the ransomware’s representatives that data belonging to Artech has been leaked to the public. The announcement contained links to approximately 337 MB of data belonging to the company, which describes itself as an IT staffing company.

Maze has set a dangerous new precedent for authors of other file-encrypting infections to follow. Reports began emerging in early January that those behind the ransomware had leaked 14 GB of data belonging to Southwire, a cable manufacturer and apparent victim of Maze. Allegedly, 120 GB of data was stolen, and those behind Maze initially leaked 2 GB of the data, the same as had been done to the City of Pensacola previously, with the hackers demanding over 6 million USD in Bitcoin to decrypt the encrypted files. Further, those behind Maze stated in a post:

“But now our website is back but not only that. Because of southwire actions, we will now start sharing their private information with you, this only 10% of their information and we will publish the next 10% of the information each week until they agree to negotiate. Use this information in any nefarious ways that you want.”