Since 2019, ransomware gangs have leaked stolen data belonging to over 2,100 companies on dark web data leak sites. When modern ransomware operations started in 2013, the attackers' goal was to encrypt as many companies as possible and then demand a ransom in exchange for a decryptor.
From the beginning of 2020, ransomware operations began to use a new tactic called "double extortion". In double extortion, the attackers steal unencrypted files before encrypting a network. They then threaten to publish the stolen files on dark web data leak sites if the victims refuse to pay the ransom.
Faced with both the threat of not recovering their encrypted files and the added concerns about data breaches, government sanctions and lawsuits, victims will, the threat actors hope, be more readily pushed into paying a ransom.
A dark web researcher known as DarkTracer, who monitors the data leak sites of 34 ransomware gangs, told BleepingComputer that data belonging to 2,103 organizations has been leaked so far.
The ransomware gangs tracked by DarkTracer are Team Snatch, MAZE, Conti, NetWalker, DoppelPaymer, NEMTY, Nefilim, Sekhmet, Pysa, AKO, Sodinokibi (REvil), Ragnar_Locker, Suncrypt, DarkSide, CLOP, Avaddon, LockBlock, Ranzy Locker, Pay2Key, R3, BABUK LOCKER, Astro Team, LV, File Leaks, Marketo, N3tw0rm, Lorenz, Noname and XING LOCKER.
Of these, the top five active operations are Conti (338 leaks), Sodinokibi/REvil (222 leaks), DoppelPaymer (200 leaks), Avaddon (123 leaks) and PYSA (103 leaks). Three ransomware gangs that are no longer active and have more leaks than some of the top five are Maze (266 leaks) and Egregor (206 leaks).
The data found on the ransomware gangs' data leak sites is presented in the following table created by DarkTracer, as of May 4, 2021.
Some of the ransomware gangs mentioned are no longer active, such as NetWalker, Sekhmet, Egregor, Maze and Team Snatch, or have changed their name, such as NEMTY and AKO.
The "data extortion industry" has become a major source of revenue for ransomware gangs, with victims saying they are more concerned about data leakage than about the loss of encrypted files.
In the last two months, other threat actors have begun to create new marketplaces for their data leaks, dedicated exclusively to the sale of stolen data.
Although paying the ransom to prevent a data leak may seem like a good idea to victims, there is no guarantee that their data will not be leaked or sold to other threat actors.
Therefore, if your data has been stolen, it is better to treat the incident as a data breach and avoid paying a ransom, since paying financially supports the malicious activities of cybercriminals.
Source of information: bleepingcomputer.com