Skip to main content

New Ransomware Leaks Confidential Data To Public

By January 28, 2020May 9th, 2022Cybersecurity

There’s a disturbing emerging trend in the world of hackers who make use of ransomware to extort payment from companies. Increasingly, if a company won’t pay, their data that was stolen and encrypted is being published for all to see.

KrebsOnSecurity recently identified a website associated with the creators of the Maze ransomware strain that did exactly that.

The introductory message on the landing page reads as follows:

Represented here companies don’t wish to cooperate with us, and trying to hide our successful attack on their resources. Wait for their databases and private papers here. Follow the news!”

Many industry insiders and security experts have expressed shock and dismay at the emerging trend. They probably shouldn’t. After all, hackers who use ransomware almost always issue a warning that if their demands aren’t met, the data in question will be released to the public. It’s such a common threat that it’s almost become boilerplate.

The difference is that until recently, hackers haven’t actually followed through on the threat. That now appears to be changing, and it underscores an important point.

Hackers often snoop through and exfiltrate the data they encrypt prior to the encryption itself. Doing so essentially sees them get paid twice. If the company pays the ransom, they get the money. Meanwhile, they can auction off the juiciest bits of data to the highest bidder. Most commonly, this means selling personal information and credit card data, but it certainly can mean proprietary company data. In fact, it now appears that it does mean company data.

What this means though, is that ransomware attacks need to be considered data breaches and treated accordingly. If that’s not your company’s current stance where such attacks are concerned, it should be.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.