cyber crooks told services company Allied Universal that they would make its
files public if the company didn’t pay a ransom. Allied refused and the hackers
stuck to their threat, releasing a portion of the data onto the open internet.
The same gang has now published a website issuing similar threats to other victims
that have refused to pay ransom. If their demands are met, other ransomware
gangs will likely replicate the strategy to increase their chances of getting
paid, or to maximize their profits.
behind Maze ransomware recently erected a website (found by security reporter Brian Krebs)
listing the company names and websites of eight victims of their malware.
Besides an infection with the same ransomware strain, all these entities have
one thing in common: they all refused to pay up, deciding to recover the hard
way (i.e. from backups).
But the Maze
gang is not the only one threatening victims with data exposure if their ransom
demands aren’t met. The people behind Sodinokibi/rEvil made similar threats on
a popular dark web forum recently. Others before them issued similar threats,
but rarely kept their promise. While the method of twisting the victim’s armis
not new, 2019 marks the first time the bad guys are making good on their
promise. If the Maze gang is not lying about having exfiltrated victims’ data
before encrypting it, they will likely stick to their end of the bargain. If
that happens, there is no reason to believe other ransomware operators won’t do
the same in 2020 and beyond.
becoming synonymous with data breach has serious implications: the victim’s
reputation can become tarnished, while the legal repercussions (GDPR, CCPA,
HIPPA etc. ) can inflict millions and even billions in losses. For some, a
serious cyber incident can spell bankruptcy.
ransomware operators never fail to do is to replicate every method that has
worked in the past to coerce victims to cooperate. If the end of 2019 is any
indication, ransomware in 2020 will become more hazardous than ever –
especially for big businesses.