Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about stolen data.
A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.
If a victim does not pay the ransom, the threat actors will publicly post the data on data leak sites created to shame the victim.
This tactic is being conducted by almost all ransomware operations, including Maze, REvil, Netwalker, DoppelPaymer, CLOP, RagnarLocker, Nephilim, Ako, and others.
full article on https://www.bleepingcomputer.com/news/security/companies-start-reporting-ransomware-attacks-as-data-breaches/
#databreach #ransomware #yokdata #gdpr