Ransomware Gangs That Steal Your Data Don't Always Delete It

Ransomware gangs that steal a company’s data and then get paid a ransom fee to delete it don’t always follow through on their promise. From a report:

The number of cases where something like this has happened has increased, according to a report published by Coveware this week and according to several incidents shared by security researchers with ZDNet researchers over the past few months. These incidents take place only for a certain category of ransomware attacks – namely those carried out by “big-game hunters” or “human-operated” ransomware gangs. These two terms refer to incidents where a ransomware gang specifically targets enterprise or government networks, knowing that once infected, these victims can’t afford prolonged downtimes and will likely agree to huge payouts. But since the fall of 2019, more and more ransomware gangs began stealing large troves of files from the hacked organizations before encrypting the victims’ files. The idea was to threaten the victim to release its sensitive files online if the company wanted to restore its network from backups instead of paying for a decryption key to recover its files.

7 Likes