Dati ransomware pubblicati in chiaro Piergiorgio Venuti

The data exfiltrated during a double extortion ransomware attack is not public. Let’s dispel a myth

Estimated reading time: 3 minutes

Introduction

Ransomware attacks are becoming more common and lucrative for cybercriminals. In particular, the “double extortion” variant involves not only encrypting the victim’s data, but also stealing and threatening to publish it online for ransom. It is commonly believed that stolen data is not actually disclosed publicly, but remains confined to the dark web. In reality, things are not like that.

What is the dark web

The dark web refers to that part of the internet whose contents are not indexed by standard search engines. To access the dark web you need to use specific browsers such as Tor, which make browsing anonymous by encrypting and routing traffic through multiple nodes. Thanks to the anonymity it guarantees, the dark web is often used for criminal activities, such as the sale of stolen data.

However, the dark web is not as dark and mysterious as it is believed. Software like Tor is free and easily accessible to everyone. As a result, even sensitive data of companies that have ended up on the dark web can easily be leaked, even publicly.

Cybergangs also often publish unencrypted

Contrary to common belief, many of the criminal organizations that manage ransomware attacks end up publishing the stolen data of the victims even publicly, as an additional tool to pressure to obtain the ransom payment.

The forums and sites used for these publications are often hosted on non-EU servers, where there are no legal consequences, and are easily accessible to anyone. For example, the Conti group, one of the most active in the ransomware world, regularly publishes exfiltrated data through its “Conti Leaks” site.

Even lesser-known ransomware groups end up posting stolen data samples on public forums, then posting the URL to the victim, to demonstrate that the threat of full disclosure is real.

These publications take place on sites accessible to anyone with an internet connection. It is not necessary to resort to the dark web to access the stolen data.

Because cybergangs publish data in the clear

There are mainly three reasons that drive ransomware operators to publish the stolen data also publicly, and not only on the dark web:

  • Increase pressure on the victim: Publishing a sample of sensitive data is a powerful coercion tool to pressure the victim into paying to avoid full disclosure.
  • Damage the image of the target: Cybergangs often aim to inflict as much damage as possible on the victims, as well as to obtain a ransom. The publication of the data damages the reputation of the affected organization.
  • Advertising for your services: Showing the leaked data serves as proof of the effective capabilities of the ransomware group, allowing you to attract more customers for future attacks.

A million dollar business

Selling stolen data has become an extremely lucrative business for cybercriminals, second only to ransomware. Recent reports estimate that revenues from the sale of stolen data alone in 2021 netted hackers over $2 billion.

Sensitive company data can be sold for tens of thousands of euros on the dark web. But free sample posting further increases the destructive impact of the attack.

Conclusion: prevention is better than cure

The possibility that the data stolen by a ransomware attack will be publicly disclosed, and not only on the dark web, is therefore concrete and should not be underestimated. The consequences of such a data breach can be extremely serious for a company, causing reputational damage, legal fines and loss of intellectual property.

It therefore becomes crucial to invest in prevention, adopting modern security solutions such as SOC (Security Operation Center) platforms that monitor the corporate network 24 hours a day to identify and block attacks before hackers can steal or encrypt sensitive data.

In addition, advanced threat intelligence services such as those provided by companies such as Secure Online Desktop allow you to monitor the dark web to identify any stolen company data that is being offered for sale, to take immediate action and limit the damage.

Contattaci

Useful links:

Share


RSS

RSS feed

More Articles…

Categories …

Tags

Acronis Cloud Backup BaaS Backup cloud cloud computing Cloud Conference cloud provider reggio emilia cloud server cloud services CTI cyber security cyber security cyber threat Cyber Threat Hunter Data Exfiltration GDPR Machine Learning Monitoraggio infrastruttura ICT Next Generation SIEM nextgen siem online hosting owncloud owncloud pentest Phishing Plesk Ransomware Ransomware security server virtuale sicurezza siem Smart Working SOAR SOCaaS Threat intelligence UEBA VDS Virtual Machine vps vulnerability assessment web hosting webinar Zabbix Zabbix as a Service

RSS Unknown Feed

RSS Full Disclosure

  • APPLE-SA-04-01-2025-1 watchOS 11.4 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-04-01-2025-1 watchOS 11.4 watchOS 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122376. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AirDrop Available for: Apple Watch Series 6 and later Impact: An […]
  • APPLE-SA-03-31-2025-11 visionOS 2.4 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-11 visionOS 2.4 visionOS 2.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122378. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accounts Available for: Apple Vision Pro Impact: Sensitive keychain data may […]
  • APPLE-SA-03-31-2025-10 tvOS 18.4 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-10 tvOS 18.4 tvOS 18.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122377. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AirDrop Available for: Apple TV HD and Apple TV 4K (all […]
  • APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-9 macOS Ventura 13.7.5 macOS Ventura 13.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122375. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AccountPolicy Available for: macOS Ventura Impact: A malicious app […]
  • APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-8 macOS Sonoma 14.7.5 macOS Sonoma 14.7.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/122374. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AccountPolicy Available for: macOS Sonoma Impact: A malicious app […]
  • APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 macOS Sequoia 15.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122373. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: macOS Sequoia Impact: An app may […]
  • APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-6 iOS 15.8.4 and iPadOS 15.8.4 iOS 15.8.4 and iPadOS 15.8.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122345. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone 6s […]
  • APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-5 iOS 16.7.11 and iPadOS 16.7.11 iOS 16.7.11 and iPadOS 16.7.11 addresses the following issues. Information about the security content is also available at https://support.apple.com/122346. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone 8, […]
  • APPLE-SA-03-31-2025-4 iPadOS 17.7.6 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-4 iPadOS 17.7.6 iPadOS 17.7.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/122372. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accounts Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, […]
  • APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4 April 3, 2025
    Posted by Apple Product Security via Fulldisclosure on Apr 02APPLE-SA-03-31-2025-3 iOS 18.4 and iPadOS 18.4 iOS 18.4 and iPadOS 18.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/122371. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Accessibility Available for: iPhone XS […]

Customers

Newsletter

{subscription_form_1}
Products and Solutions
Partners
Cloud Models
News
Google Reviews
Secure Online Desktop s.r.l.
4.9
Based on 37 reviews
powered by Google
review us on
Omid Fazeli
7 years ago
They have a lot of solutions for any ki... read more
See All Reviews
Facebook
Secure Online Desktop s.r.l.
Secure Online Desktop s.r.l.
5.0
Based on 12 reviews
powered by Facebook
review us on
Paolo Raimondi
Paolo Raimondi
7 years ago
La Polimatica Progetti Srl, azienda di... cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR).read more
Ilaria Miglietta
Ilaria Miglietta
7 years ago
Servizi affidabili e di semplice... utilizzo. I loro tecnici molto attenti alle esigenze del cliente, continuate cosìread more
Francesca Marastoni
Francesca Marastoni
7 years ago
Excellent service company with... wonderful stuff. Highly recommended.

Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more
Alessio Liga
Alessio Liga
7 years ago
Servizi di alto livello, competenti e... disponibili a accettare nuove sfide per sviluppare business
Ottimo supportoread more
Matteo Revelli
Matteo Revelli
7 years ago
Ottima azienda, offre servizi di alta... qualità con personale competente e disponibile.read more
Lorenzo Munari
Lorenzo Munari
7 years ago
Azienda molto seria e... affidabile.

E' un piacere poter collaborare con realtà di questo tiporead more
Francisco Amadi
Francisco Amadi
7 years ago
Ho avuto il piacere di collaborare con... loro e spero vivamente che succeda di nuovo. Competenti, professionali, precisi e cordiali!read more
Davide Michelotto
Davide Michelotto
7 years ago
Ottimo servizio, seri professionisti al... timone della società e celerità nei tempi di risposta, oltre ogni aspettativa.read more
Gabriele Petralia
Gabriele Petralia
7 years ago
Luca Prati
Luca Prati
7 years ago
Azienda eccellente, consulenza... customizzata e puntuale.
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more
Valerio Lezza
Valerio Lezza
7 years ago
Daniela Cospito Di Leo
Daniela Cospito Di Leo
7 years ago
More Reviews
js_loader
payments gateway
About