
Ransomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransom.
In 2019, the Maze ransomware group introduced a new tactic known as double-extortion, which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paid.
Now, not only are victims being extorted through the encryption of their files but also by the risk of their data being published and causing a data breach.
This tactic was quickly adopted by other ransomware operations, who began to create data leak sites used to publish victims’ stolen files.
As part of this double-extortion tactic, most ransomware operations require a victim to pay a single ransom that will provide both a decryptor for their encrypted files and a promise not to share and to delete stolen files.
Some ransomware operations, like AKO/Ranzy, demand two ransom payments, one for the decryptor and another not to publish stolen data.