Categories: NewsSecurity

Cybercriminals now require two ransoms: one for decryption, and the second for deleting stolen files

The Bleeping Computer publication says that ransomware operators have begun to use a new tactic that allows them to get more money from victims. Now cybercriminals demands two ransoms from the affected companies: one for decrypting the data, and the other for deleting the information that the hackers stole during the attack.

In the of non-payment, attackers threaten to publish this data in the public domain.

Journalists recall that at the end of 2019, creators of ransomware began to act according to a new scheme. It all started with Maze ransomware operators, which began to publish files that they stole from the attacked companie, if the victims refused to pay.

Recall that the cybercriminals behind the Maze ransomware do not miss opportunity to attacks even medical institutions that test the vaccine against COVID-19.

“Hackers set up a special site for such “dumps” and other groups soon followed an example, including Sodinokibi, Clop, Sekhmet, Nephilim, Mespinoza, and Netwalker”, – say Bleeping Computer reporters.

DoppelPaymer operators even published in the public domain Boeing, Lockheed Martin, SpaceX and Tesla documents.

Now authors of the ransomware Ako joined them, but they went even further than their “colleagues.” The grouping forces some companies to pay a ransom twice: for decrypting files and for deleting stolen data.

As an example, some of the victims’ data was published on Aco’s website: the company paid $350,000 to decrypt the information, but hackers still published its files on their website because they did not receive a “second ransom” for deleting the stolen files.

One of the Ako operators answered Bleeping Computer’s questions and confirmed that double ransom demand is used only for some victims: it all depends on the size of the company and type of stolen data. As a rule, the size of the second buyback ranges from 100,000 to 2,000,000 US dollars, therefore, it usually exceeds the cost of decrypting the data.

“Big-income companies get scared when we talk about stolen files. So this is the motivation for other companies that have to pay”, – explain hackers.

Attackers argue that some companies generally prefer to pay for deleting data, but not for decrypting it. For example, this way went unnamed medical organizations from the USA, from was stolen confidential patient’s data, social security numbers, and so on. Journalists failed to confirm or deny these statements of criminals.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

View Comments

  • […] me remind you that at the end of 2019 creators of the ransomware began to “work” according to a new scheme that allows them to receive more money from […]

Recent Posts

Remove Chernars pop-up ads (Virus Removal Guide)

Chernars.com is a domain that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Eclipse-adblocker.pro pop-up ads (Virus Removal Guide)

Eclipse-adblocker.pro is a site that tries to trick you into clik to its browser notifications…

1 day ago

Remove Initiateadvancedcompletelythe-file.top pop-up ads (Virus Removal Guide)

Initiateadvancedcompletelythe-file.top is a site that tries to force you into subscribing to its browser notifications…

1 day ago

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

4 days ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

4 days ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

4 days ago