Hacker Group Starts Threatening Their Ransomware Victims That Don't Pay Up

18/12/2019

Bitcoin is as volatile as ever. But as a method of obscuring identity, the cryptocurrency has proven popular among hackers and black market merchants.

Ransomware is malicious software that scans and encrypts victims' data, making it useless. Holding the data for ransom, hackers demand payment, usually in Bitcoin, before the victims are sent the decryption key.

However, an increasing number of companies and organizations aren't falling for this scheme.

When they fall victim, many of them opt to work with specialists and the authorities to develop methods to decrypt, or at least recover, some of the encrypted data without ever paying the ransom. And this isn't making the hackers happy.

The message shown at the Maze Ransomware public shaming website. (Credit: KrebsOnSecurity)

According to a report from KrebsOnSecurity, one particular ransomware group has created a public website to showcase the companies that decided to quietly rebuild their operations instead of paying the hackers the requested ransom payment.

Initially, the site lists eight different companies that refused to pay a ransom demand.

The site discloses information that includes the date of the attack, stolen Microsoft Office, text and PDF files, and the total volume of files allegedly exfiltrated from the victims. The hackers have also disclosed the IP addresses and machine names of the infected servers.

“Represented here companies don’t wish to cooperate with us, and trying to hide our successful attack on their resources,” the site reads in broken English. “Wait for their databases and private papers here. Follow the news!”

KrebsOnSecurity says it was able to confirm that at least one of the companies listed recently succumbed to Maze ransomware and that the attack hasn’t been disclosed publicly.

The move by Maze Ransomware came after hackers responsible for spreading Sodinokibi Ransomware, which has been causing widespread chaos for months, revealed on a dark web forum that they are planning to begin using stolen files and data as leverage to get victims to pay up.

Although cybersecurity experts and law enforcement often advise victims never to pay the ransom, the people behind Sodinokibi have been doing profitable business for quite some time. As previously reported by Hard Fork, a hacker who distributed this particular malware made about $287,499 in Bitcoin in just 72 hours.

Researchers have also found that Sodinokibi has more than 40 active affiliates, with its creators earning between $700 and $1,500 from every payment.

For victims, the hackers' website can further damage their brand.

Previously, victims might have been able to avoid reporting ransomware incidents if they could show forensic evidence demonstrating that users' data had never been taken or accessed. By keeping news of the breach from outsiders, companies could avoid reputational damage, fines and other penalties.

But websites like the one that Maze Ransomware created could dramatically complicate these incidents.