In Coveware’s Q3 2020 report, there’s a section on criminals not keeping their word about deleting data if you’ll just pay them their extortion demands (imagine criminals not keeping their word — oh, the shock):
PAYING A RANSOM MAY NOT STOP RANSOMWARE GROUPS FROM LEAKING THE EXFILTRATED DATA
Coveware feels that we have reached a tipping point with the data exfiltration tactic. Despite some companies opting to pay threat actors to not release exfiltrated data, Coveware has seen a fraying of promises of the cybercriminals (if that is a thing) to delete the data. The below list includes ransomware groups whom we have observed publicly DOX victims after payment, or have demanded a second extortion payment from a company that had previously paid to have the data deleted / no leaked:
Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.
Maze / Sekhmet / Egregor (related groups): Data posted on a leak site accidentally or willfully before the client understood there was data taken.
Netwalker: Data posted of companies that had paid for it not to be leaked
Mespinoza: Data posted of companies that had paid for it not to be leaked
Conti: Fake files are shown as proof of deletion
Although victims may decide there are valid reasons to pay to prevent the public sharing of stolen data, Coveware’s policy is to advise victims of data exfiltration extortion to expect the following if they opt to pay:
The data will not be credibly deleted. Victims should assume it will be traded to other threat actors, sold, or h ..
Support the originator by clicking the read the rest link below.
