The gang behind it Conti ransomware joined the "company" of hackers who create "leak siteFor the data of the victims.
One of the biggest threats to cyberspace is ransomware attacks. However, in recent months more and more ransomware gangs combine these attacks with violations data, after creating the so-called "leak sites“, Which they use to expose sensitive documents from companies refusing to pay the ransom.
These "leak sites" are a new trend, as ransomware ransomware adopts a new tactic calleddouble blackmail".
The university said that had to pay the gang because the hackers threatened to leak files containing sensitive student data.
More and more ransomware create gangs leak sites
Meanwhile, more and more ransomware gangs are turning to leak sites to put extra pressure on victims.
The good news is that not all gangs have their own site. However, their number has been steadily increasing since December 2019, when its operators Maze of ransomware they made the beginning and created the first site.
Today, the list of ransomware gangs that use leak sites includes: Ako, Avaddon, CLOP, Darkside, DoppelPaymer, Maze, Mespinoza (Pysa), Nefilim, NetWalker, RagnarLocker, REvil (Sodinokibi) and Sekhmet.
Some of these groups are not very well known, but there are others such as Maze, DoppelPaymer, REvil and NetWalker that are among the biggest threats.
Other groups, such as BitPaymer, WastedLocker, LockBit, ProLock and Dharma, have not yet adopted this tactic. One reason may be that some groups do not want to get much attention and leak sites tend to attract too much attention from journalists, Companies cyber security, and law enforcement officials.
The Accounts ransomware creates its own leak site
Since last week, another major ransomware team has entered the game of double blackmail and created its own leak site.
The team is handling the relatively new Conti ransomware, which is said to be used by its operators Ryuk ransomware.
Conti ransomware's leak site discovered by a malware analyst nicknamed BreachKey. The site is available at different URLs both in public Internet as well as in dark web.
BreachKey said the site already includes files of 26 companies who have fallen victim to the group's attacks and have refused to pay the ransom.
Creating another leak site shows that the double blackmail system is here to stay.
This new trend also means that changes need to be made in the way companies deal with ransomware attacks. Whereas in the past, victim companies only had to recover archives and get back to their daily activities, now they have to deal with infringement and possible data leakage.