Name: Cyberfero s.r.l.
Price range: $$$

Home » The data exfiltrated during a double extortion ransomware attack is not public. Let’s dispel a myth

Wednesday, 26 July 2023 19:00 Piergiorgio Venuti

The data exfiltrated during a double extortion ransomware attack is not public. Let’s dispel a myth

Estimated reading time: 3 minutes

Introduction

Ransomware attacks are becoming more common and lucrative for cybercriminals. In particular, the “double extortion” variant involves not only encrypting the victim’s data, but also stealing and threatening to publish it online for ransom. It is commonly believed that stolen data is not actually disclosed publicly, but remains confined to the dark web. In reality, things are not like that.

What is the dark web

The dark web refers to that part of the internet whose contents are not indexed by standard search engines. To access the dark web you need to use specific browsers such as Tor, which make browsing anonymous by encrypting and routing traffic through multiple nodes. Thanks to the anonymity it guarantees, the dark web is often used for criminal activities, such as the sale of stolen data.

However, the dark web is not as dark and mysterious as it is believed. Software like Tor is free and easily accessible to everyone. As a result, even sensitive data of companies that have ended up on the dark web can easily be leaked, even publicly.

Cybergangs also often publish unencrypted

Contrary to common belief, many of the criminal organizations that manage ransomware attacks end up publishing the stolen data of the victims even publicly, as an additional tool to pressure to obtain the ransom payment.

The forums and sites used for these publications are often hosted on non-EU servers, where there are no legal consequences, and are easily accessible to anyone. For example, the Conti group, one of the most active in the ransomware world, regularly publishes exfiltrated data through its “Conti Leaks” site.

Even lesser-known ransomware groups end up posting stolen data samples on public forums, then posting the URL to the victim, to demonstrate that the threat of full disclosure is real.

These publications take place on sites accessible to anyone with an internet connection. It is not necessary to resort to the dark web to access the stolen data.

Because cybergangs publish data in the clear

There are mainly three reasons that drive ransomware operators to publish the stolen data also publicly, and not only on the dark web:

Increase pressure on the victim: Publishing a sample of sensitive data is a powerful coercion tool to pressure the victim into paying to avoid full disclosure.
Damage the image of the target: Cybergangs often aim to inflict as much damage as possible on the victims, as well as to obtain a ransom. The publication of the data damages the reputation of the affected organization.
Advertising for your services: Showing the leaked data serves as proof of the effective capabilities of the ransomware group, allowing you to attract more customers for future attacks.

A million dollar business

Selling stolen data has become an extremely lucrative business for cybercriminals, second only to ransomware. Recent reports estimate that revenues from the sale of stolen data alone in 2021 netted hackers over $2 billion.

Sensitive company data can be sold for tens of thousands of euros on the dark web. But free sample posting further increases the destructive impact of the attack.

Conclusion: prevention is better than cure

The possibility that the data stolen by a ransomware attack will be publicly disclosed, and not only on the dark web, is therefore concrete and should not be underestimated. The consequences of such a data breach can be extremely serious for a company, causing reputational damage, legal fines and loss of intellectual property.

It therefore becomes crucial to invest in prevention, adopting modern security solutions such as SOC (Security Operation Center) platforms that monitor the corporate network 24 hours a day to identify and block attacks before hackers can steal or encrypt sensitive data.

In addition, advanced threat intelligence services such as those provided by companies such as Secure Online Desktop allow you to monitor the dark web to identify any stolen company data that is being offered for sale, to take immediate action and limit the damage.

Contattaci

Useful links:

RSS

Categories …

Backup as a Service (18)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
Cloud Conference (3)
Cloud CRM (1)
Cloud Server/VPS (22)
Conferenza Cloud (4)
Cyberfero (15)
ICT Monitoring (5)
Log Management (2)
News (25)
ownCloud (4)
Privacy (7)
Security (203)
- Cyber Threat Intelligence (CTI) (8)
- Deception (4)
- Ethical Phishing (11)
- Netwrix Auditor (2)
- Penetration Test (11)
- Posture Guard (3)
- SOCaaS (65)
  - EDR (3)
  - SIEM (13)
  - SOAR (5)
  - UEBA (10)
- Vulnerabilities (84)
Web Hosting (15)

darkreading

For $50, Cyberattackers Can Use GhostGPT to Write Malicious Code January 27, 2025
Malware writing is only one of several malicious activities for which the new, uncensored generative AI chatbot can be used.
Apple Patches Actively Exploited Zero-Day Vulnerability January 27, 2025
The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.
IT-Harvest Launches HarvestIQ.ai January 27, 2025
Spectral Capital Files Quantum Cybersecurity Patent January 27, 2025
Change Healthcare Breach Impact Doubles to 190M People January 27, 2025
One of the largest data breaches in history was apparently twice as impactful as previously thought, with PII belonging to hundreds of millions of people sitting in the hands of cybercriminals.
USPS Impersonators Tap Trust in PDFs in Smishing Attack Wave January 27, 2025
Attackers aim to steal people's personal and payment-card data in the campaign, which dangles the threat of an undelivered package and has the potential to reach organizations in more than 50 countries.
Crisis Simulations: A Top 2025 Concern for CISOs January 27, 2025
CISOs are planning to adjust their budgets this year to reflect their growing concerns for cybersecurity preparedness in the event of a cyberattack.
The Case for Proactive, Scalable Data Protection January 27, 2025
Whether you're facing growing data demands and increased cyber threats, or simply looking to future-proof your business, it's time to consider the long-term benefits of transitioning to a cloud-first infrastructure.
CISOs Are Gaining C-Suite Swagger, but Has It Come With a Cost? January 24, 2025
The number of CISOs who report directly to the CEO is up sharply in recent years, but many still say it's not enough to secure adequate resources.
DoJ Busts Up Another Multinational DPRK IT Worker Scam January 24, 2025
A departmentwide initiative has now led to five major law enforcement actions, in an attempt to curb the increasingly common trend of North Korean hackers posing as IT job applicants.

Full Disclosure

CVE-2024-48463 January 16, 2025
Posted by Rodolfo Tavares via Fulldisclosure on Jan 15=====[ Tempest Security Intelligence - ADV-10/2024 ]========================== Bruno IDE Desktop prior to 1.29.0 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents ]================================================== Overview Detailed Description Timeline of Disclosure Thanks & Acknowledgements References =====[ Vulnerability Information...
CyberDanube Security Research 20250107-0 | Multiple Vulnerabilities in ABB AC500v3 January 16, 2025
Posted by Thomas Weber | CyberDanube via Fulldisclosure on Jan 15CyberDanube Security Research 20250107-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities in ABB AC500v3 product| ABB AC500v3 vulnerable version|
Certified Asterisk Security Release certified-20.7-cert4 January 16, 2025
Posted by Asterisk Development Team via Fulldisclosure on Jan 15The Asterisk Development Team would like to announce security release Certified Asterisk 20.7-cert4. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert4 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-20.7-cert4 ## Change Log for Release asterisk-certified-20.7-cert4 ###...
Certified Asterisk Security Release certified-18.9-cert13 January 16, 2025
Posted by Asterisk Development Team via Fulldisclosure on Jan 15The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert13. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert13 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-18.9-cert13 ## Change Log for Release asterisk-certified-18.9-cert13 ###...
Asterisk Security Release 22.1.1 January 16, 2025
Posted by Asterisk Development Team via Fulldisclosure on Jan 15The Asterisk Development Team would like to announce security release Asterisk 22.1.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.1.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.1.1 ## Change Log for Release asterisk-22.1.1 ### Links: - [Full ChangeLog](...
Asterisk Security Release 18.26.1 January 16, 2025
Posted by Asterisk Development Team via Fulldisclosure on Jan 15The Asterisk Development Team would like to announce security release Asterisk 18.26.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.26.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.26.1 ## Change Log for Release asterisk-18.26.1 ### Links: - [Full ChangeLog](...
[asterisk-dev] Asterisk Security Release 21.6.1 January 16, 2025
Posted by Asterisk Development Team on Jan 15The Asterisk Development Team would like to announce security release Asterisk 21.6.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.6.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.6.1 ## Change Log for Release asterisk-21.6.1 ### Links: - [Full ChangeLog](...
[asterisk-dev] Asterisk Security Release 20.11.1 January 16, 2025
Posted by Asterisk Development Team on Jan 15The Asterisk Development Team would like to announce security release Asterisk 20.11.1. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.11.1 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.11.1 ## Change Log for Release asterisk-20.11.1 ### Links: - [Full ChangeLog](...
Multiple vulnerabilities in CTFd versions <= 3.7.4 December 31, 2024
Posted by Blazej Adamczyk on Dec 30━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Multiple vulnerabilities in CTFd versions
IBMi Navigator / CVE-2024-51464 / HTTP Security Token Bypass December 31, 2024
Posted by hyp3rlinx on Dec 30[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: https://hyp3rlinx.altervista.org/advisories/IBMi_Navigator_HTTP_Security_Token_Bypass-CVE-2024-51464.txt [+] x.com/hyp3rlinx [+] ISR: ApparitionSec [Vendor]www.ibm.com [Product] Navigator for i is a Web console interface where you can perform the key tasks to administer your IBM i. IBM Navigator for i supports the vast majority of tasks that […]

Customers

Twitter FEED

Recent activity

SecureOnlineDesktop

Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
SecureOnlineDesktop

Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
SecureOnlineDesktop

Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
SecureOnlineDesktop

Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
SecureOnlineDesktop

Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF

{subscription_form_1}

Partners

Cloud Models

News

From Secure Online Desktop to Cyberfero: rebranding of the leading cybersecurity company May 6, 2024
NIS: what it is and how it protects cybersecurity April 22, 2024
Advanced persistent threats (APTs): what they are and how to defend yourself April 17, 2024
Penetration Testing and MFA: A Dual Strategy to Maximize Security April 15, 2024
Penetration Testing: Where to Strike to Protect Your IT Network March 25, 2024

Google Reviews

Secure Online Desktop s.r.l.

4.9

Based on 37 reviews

review us on

Omid Fazeli

06:59 20 Apr 18

They have a lot of solutions for any kind of business. Lower prices than many others. The support service is always active and efficient.

See All Reviews

Facebook

Secure Online Desktop s.r.l.

5.0

Based on 12 reviews

review us on

Paolo Raimondi

11:06 21 Apr 18

La Polimatica Progetti Srl, azienda di... cui sono titolare, collabora con soddisfazione da alcuni anni con Secure Online Desktop. L'Azienda è costituita da professionisti seri e competenti. Insieme a loro abbiamo costruito un sistema organizzato di soluzioni ICT, servizi e attività di consulenza per la compliance alla normativa in materia di protezione dei dati personali (GDPR).read more

Ilaria Miglietta

04:16 21 Apr 18

Servizi affidabili e di semplice... utilizzo. I loro tecnici molto attenti alle esigenze del cliente, continuate cosìread more

Francesca Marastoni

11:41 20 Apr 18

Excellent service company with... wonderful stuff. Highly recommended.

Ottima azienda, servizi molto utili, staff qualificato e competente. Raccomandata!read more

Alessio Liga

08:25 20 Apr 18

Servizi di alto livello, competenti e... disponibili a accettare nuove sfide per sviluppare business
Ottimo supportoread more

Matteo Revelli

22:39 19 Apr 18

Ottima azienda, offre servizi di alta... qualità con personale competente e disponibile.read more

Lorenzo Munari

16:25 19 Apr 18

Azienda molto seria e... affidabile.

E' un piacere poter collaborare con realtà di questo tiporead more

Francisco Amadi

10:41 19 Apr 18

Ho avuto il piacere di collaborare con... loro e spero vivamente che succeda di nuovo. Competenti, professionali, precisi e cordiali!read more

Davide Michelotto

07:42 19 Apr 18

Ottimo servizio, seri professionisti al... timone della società e celerità nei tempi di risposta, oltre ogni aspettativa.read more

Gabriele Petralia

12:28 18 Apr 18

Luca Prati

10:12 18 Apr 18

Azienda eccellente, consulenza... customizzata e puntuale.
Un ottimo fornitore.
Io personalmente ho parlato con l' Ing. Venuti, valore aggiunto indubbiamente.read more

Valerio Lezza

21:35 17 Apr 18

Daniela Cospito Di Leo

21:20 17 Apr 18

More Reviews

About

© 2024 Cyberfero s.r.l. All Rights Reserved. Sede Legale: via Statuto 3 - 42121 Reggio Emilia (RE) – PEC [email protected] Cod. fiscale e P.IVA 03058120357 – R.E.A. 356650 Informativa Privacy - Certificazioni ISO

Cloud Server

Web Hosting

Cloud Conference

Cloud CRM for Call Center

ICT consulting

ownCloud

BaaS | Cloud Backup | Backup as a Service

Log Management

ICT Monitoring Service

Next Generation SIEM

Ethical Phishing

Business VPN

Software development service

SEO services

Forum Web

Internal area

Business Continuity Audit

Vulnerability Assessment and Penetration test

GDPR & Privacy

Managed Service

Backup as a Service

Cloud CRM

Cloud Server/VPS

Cyberfero

Security

Web Hosting

ICT Monitoring

Log Management

Privacy

Events

Cyberfero – Company

Contacts

The data exfiltrated during a double extortion ransomware attack is not public. Let’s dispel a myth

The data exfiltrated during a double extortion ransomware attack is not public. Let’s dispel a myth

Introduction

What is the dark web

Cybergangs also often publish unencrypted

Because cybergangs publish data in the clear

A million dollar business

Conclusion: prevention is better than cure

Share

RSS

More Articles…

Categories …

Tags

darkreading

Full Disclosure

Customers

Twitter FEED

Recent activity

Newsletter

Products and Solutions

Partners

Cloud Models

News

Google Reviews

Facebook

About