Ransomware gangs have leaked the data of 2,100 companies

A dark web security researcher known as DarkTracer has been tracking the data breach sites of thirty-four ransomware groups and said that they have now leaked the data of 2,103 organizations.

In the beginning, modern ransomware attackers aimed to encrypt as many companies as possible and then required these companies to pay a ransom to obtain a decryptor. However, since the beginning of 2020, ransomware operations have adopted a new tactic called double-extortion. The attacker first steals a large amount of sensitive business information, then encrypts the victim's data, and threatens to disclose the stolen data if the victim does not pay the ransom. Between the threat of not being able to recover their encrypted files and the additional concerns of data breaches, government fines, and litigation, threat actors hope that this move will make victims more willing to pay the ransom.

The 34 ransomware groups tracked by DarkTracer are Team Snatch, MAZE, Conti, NetWalker, DoppelPaymer, NEMTY, Nefilim, Sekhmet, Pysa, AKO, Sodinokibi (REvil), Ragnar_Locker, Suncrypt, DarkSide, CL0P, Avaddon, LockBit, Mount Locker, Egregor, Ranzy Locker, Pay2Key, Cuba, RansomEXX, Everest, Ragnarok, BABUK LOCKER, Astro Team, LV, File Leaks, Marketo, N3tw0rm, Lorenz, Noname, and XING LOCKER.

Among them, the 5 most active groups at the moment are Conti (338 leaks), Sodinokibi/REvil (222 leaks), DoppelPaymer (200 leaks), Avaddon (123 leaks), and Pysa (103 leaks). Two of the groups that are no longer active caused more leaks than some of the top five: Maze (266 leaks) and Egregor (206 leaks).

At present, the ransomware groups NetWalker, Sekhmet, Egregor, Maze, and Team Snatch no longer operate; some groups have changed their names, such as NEMTY and AKO.

Data extortion has become an important means of making money for ransomware groups. According to reports, victims are more worried about data leakage than about the loss of encrypted files. In view of this, other threat actors have also sensed a business opportunity and, in the past few months, have begun to launch new data breach markets that exist only for the sale of stolen data.

Via: bleepingcomputer