We recently wrote that ransomware operators keep coming up with new extortion tactics. For example, the developers of Sodinokibi (REvil) are considering creating a system that will automatically send emails to stock exchanges such as NASDAQ. The plan is to inform the exchanges about attacks on specific companies (those that refuse to pay the ransom), which would, of course, negatively affect the value of those companies' shares.
In addition, a trend of recent months among ransomware operators has been the public release of data stolen from affected companies. The malware developers urge affiliates to copy the victim's data before encryption, so that this information can then be used as leverage (and, if that does not help, be made public or sold). The developers of the Maze, DoppelPaymer and Sodinokibi malware have already launched their own sites for this purpose. Such information may include the company's financial documents, employees' personal information and customer data.
Now Bleeping Computer has warned that the hacking group behind the Nemty ransomware has set up a similar site for leaking stolen data. The data of one victim company has already been published on the cybercriminals' blog. The name of the affected company was not disclosed; it is only known that it is an American shoe company and that the published dump contains 3.5 GB of files.