Ransomware attacks have recently diversified, leading to unusual consequences, such as data breaches. A hacker group published a list containing the names of at least 280 companies that have suffered ransomware infections carried out by a total of 12 different hacking groups. The list was published on a dark web platform and has already been picked up by multiple cybersecurity specialists.
The list specifies on behalf of the affected company and the ransomware variant used in the attack.
Notable names include Brown-Forman Corporation, the company that owns brands such as Jack Daniel’s and Finland, whose managers recently recognized an infection of the REvil ransomware (also known as Sodinokibi). In addition to the malware infection, the company suffered the theft of at least 1 TB of confidential information, including business data, employee information, financial documents and internal communications.
Another company whose name is listed is MaxLinear, a system over crystal (SoC) manufacturer that was the victim of operators of the Maze ransomware variant last June. Threat actors encrypted some of the company’s systems, as well as exposing more than 10 GB of sensitive information, although attackers claim they managed to extract 1 TB of MaxLinear.
Cybersecurity specialists have pointed out this growing trend in which ransomware operators steal sensitive information before encrypting their victims’ systems. The compromised information is posted on hacking forums as a way to force companies to pay the ransom.
The list published by the hackers highlights the inclusion of Conti, a variant of encryption malware allegedly developed by Ryuk operators that has been detected in multiple recent attacks.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.