More ransomware groups threaten to publish data stolen from non-payers
More and more ransomware groups are starting to steal data before encryption in order to blackmail their victims into paying up
Three new ransomware groups have established websites where the sensitive data of non-payers will be published, adopting the strategy established last year by the Maze ransomware group. That approach was subsequently copied by the Sodinokibi/REvil group, Nemty and DoppelPaymer and now looks to be going mainstream among cyber-crime groups.
The new groups include the Nefilim ransomware group, which has set up a site called 'Corporate Leaks'; the CLOP ransomware group, responsible for an attack on Maastricht University in February; and the Sekhmet ransomware group, a relatively new group, according to Bleeping Computer, which has set up a site called "Leaks leaks and leaks".
The Sodinokibi/REvil group was responsible for the attack on Travelex on New Year's Eve. This took the company's systems down for a month. Travelex's parent company, Finablr, is now on the verge of calling administrators.
It's not known whether the Sodinokibi ransomware group exfiltrated data from Travelex prior to encrypting the company's systems, and it hasn't publicly threatened to publish any Travelex data - yet. The company is also believed to have negotiated with the gang regarding payment, although Travelex has refused to confirm or deny whether it paid up.
The group is believed to have taken advantage of an unpatched Pulse Secure VPN server to gain entry, and could have had access to Travelex's systems for months before it launched the attack.
Information about the Travelex ransomware is sketchy as the company has refused to release any comprehensive information.
Travelex had claimed that, strictly speaking, it had not suffered a data breach as there was no evidence of data exfiltration having occurred. As a result, it argued that it did not need to report the attack to the Information Commissioner's Office (ICO) within the 72 hours required under GDPR.
The ICO, however, will almost certainly have a different interpretation, with ransomware widely believed to constitute a data breach under GDPR.