Skip to main content

New Ransomware Threatens To Release Stolen Data To Public

By December 31, 2019May 9th, 2022Cybersecurity

The leaders of the ransomware known as Sodinokibi (REvil Ransomware) have announced a nasty new tactic to get their victims to pay up when their files get encrypted.

The hackers are now threatening that they’ll begin releasing stolen data to the general public or to competitors unless the ransom is paid.

While hackers have made this threat in the past, this year was the first time in history that anyone has followed through with it. At the end of November of this year, when Allied Universal was successfully attacked, they were given the ultimatum to pay up or see their files released. The company didn’t pay, and the hackers promptly released more than 700MB of data on a hacking forum on the Dark Web.

Given this new reality, it raises some thorny questions. Should IT professionals begin treating ransomware attacks as data breaches? Possibly so, but doing so complicates matters. Right now, ransomware attacks are treated as a purely internal problem. Customers and vendors aren’t necessarily contacted and formal disclosures don’t have to be made as to the scope and scale of the data impacted.

If hackers start regularly releasing the files they encrypt, it puts a lot of information at risk. Information that includes sensitive data, personal information, salary information, termination letters, details on relationships with third parties, trade secrets, and a host of other sensitive, proprietary data. It is all at risk of public exposure. It will not only increase public concern but could easily lead to lawsuits. That is especially if the company falling victim to a ransomware attack fails to report it as a breach and the data is subsequently leaked.

It’s too soon to say whether or not this is or will become the new normal, but before it happens to you, it bears thinking about how your company will handle the issue.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.