For the larger ransomware groups, running a so-called "leak site" has become a core tactic: a place to publish documents stolen from firms that decline to pay the decryption fee.

These sites are part of a newer trend on the cybercriminal underground, where ransomware groups are adopting a method known as "double extortion": the victim is pressured both by the encryption of its files and by the threat that stolen data will be published.

The case of the University of Utah is a textbook example of how ransomware gangs now use leak sites and double extortion to pressure victims into paying.

Last week, the university's management admitted to paying $457,000 to a ransomware group even though it had already restored its encrypted files from earlier backups.

In a statement, the university justified the payment by disclosing that the gang had threatened to leak files containing sensitive student data online if the university did not pay, regardless of whether it had recovered its original files.

Incidents like this are becoming commonplace as more ransomware groups start operating a leak site to put extra pressure on victims. Not every group does, but the number has been rising steadily since December 2019, when the operators of the Maze ransomware launched the first such site.

The list of ransomware gangs that operate leak sites includes Ako, Avaddon, CLOP, Darkside, DoppelPaymer, Maze, Mespinoza (Pysa), Nefilim, NetWalker, RagnarLocker, REvil (Sodinokibi), and Sekhmet.

Some of these gangs are operators that even malware analysts have barely heard of, but others, such as Maze, DoppelPaymer, REvil, and NetWalker, are among today's major ransomware threat actors and are blamed for a large number of attacks.

Data leak site released by Conti

When a corporate network is hit by a human-operated ransomware attack, the operators usually steal unencrypted data before encrypting the files. This stolen data is then used as leverage: the victim is told to pay or the files will be published on the gang's data leak site. Backups can restore availability, but they do nothing about the confidentiality of data that has already left the network, which is why a victim with working backups may still end up paying.

Although the Conti ransomware has been active for some time, it set up its own 'Conti.News' data leak site only recently. Twenty-six victims, including some large and well-known firms, are currently listed on the site.
