As cybercriminals are partially successful in their attacks on major corporations, the criminals are changing their attack approach and creating more channels within the attack to harm their victims. Initially, the ransomware profitability came from blackmailing their victim by encrypting their business data and demanding a ransom to provide the encryption keys. In response to these attacks, the security experts quickly adopted techniques that would counter the data encryption and restored customer data without paying the ransom.
This countermeasure of not paying the ransom has the cybercriminals upset, and they are now stealing user data from their victims. The ransomware variants designed to steal data are named Ako, CL0P, DoppelPaymer, Maze, Pysa, Nefilim, Nemty, Netwalker, Ragnarlocker, REvil, Sekhmet, and Snatch.
By stealing data from the victim network before encrypting the business data, ransomware cybercriminals now have a two-track threat. Pay ransom to regain access to your data, and if the organization refuses to pay the ransom, the cybercriminals with the post the business data on the dark web, or post the sensitive information on the web. Based on the type of data stolen and leaked, an organization can lose its competitive advantage in the marketplace, violate data protection regulations, and lose their credibility with the customers.