Cybercriminals now require two ransoms: one for decryption, and the second for deleting stolen files

The Bleeping Computer publication says that ransomware operators have begun to use a new tactic that allows them to get more money from victims. Now cybercriminals demands two ransoms from the affected companies: one for decrypting the data, and the other for deleting the information that the hackers stole during the attack.

Journalists recall that at the end of 2019, creators of ransomware began to act according to a new scheme. It all started with Maze ransomware operators, which began to publish files that they stole from the attacked companie, if the victims refused to pay.

Recall that the cybercriminals behind the Maze ransomware do not miss opportunity to attacks even medical institutions that test the vaccine against COVID-19.

“Hackers set up a special site for such “dumps” and other groups soon followed an example, including Sodinokibi, Clop, Sekhmet, Nephilim, Mespinoza, and Netwalker”, – say Bleeping Computer reporters.

DoppelPaymer operators even published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents.

Now authors of the ransomware Ako joined them, but they went even further than their “colleagues.” The grouping forces some companies to pay a ransom twice: for decrypting files and for deleting stolen data.

As an example, some of the victims’ data was published on Aco’s website: the company paid $350,000 to decrypt the information, but hackers still published its files on their website because they did not receive a “second ransom” for deleting the stolen files.

One of the Ako operators answered Bleeping Computer’s questions and confirmed that double ransom demand is used only for some victims: it all depends on the size of the company and type of stolen data. As a rule, the size of the second buyback ranges from 100,000 to 2,000,000 US dollars, therefore, it usually exceeds the cost of decrypting the data.

“Big-income companies get scared when we talk about stolen files. So this is the motivation for other companies that have to pay”, – explain hackers.

Attackers argue that some companies generally prefer to pay for deleting data, but not for decrypting it. For example, this way went unnamed medical organizations from the USA, from was stolen confidential patient’s data, social security numbers, and so on. Journalists failed to confirm or deny these statements of criminals.