Every victim’s nightmare: Ransomware attackers are now doxing people who don’t pay up

Ransomware attacks are already a nightmare for many businesses and government agencies, and now security journalist Brian Krebs reports that some attackers are using another tool to make victims pay up: Publishing names and even sample stolen data from businesses that won’t pay the ransom.

The attacks typically encrypt files on target computers with a secret password, rendering them useless unless a ransom is paid, often in cryptocurrency. Victims have already had to weigh whether it’s worth paying the ransom, which can be substantial, or trying to restore data from backups.

Now, Krebs reports, some attackers, including the group behind the Maze ransomware variant, are trying to push more companies to pay up by leaking data on nonpayers. The Maze group has published the identities of several alleged victims, along with stolen files and IP addresses of target systems, Krebs reports. The group has been implicated in a recent ransomware attack on the Pensacola, Florida, city government.

Another group, behind a type of ransomware called Sodinokibi/rEvil, has also threatened to reveal data belonging to those who don’t pay up, threatening in a forum post cited by Krebs to expose victims to fines under Europe’s General Data Protection Regulation.

“GDPR,” wrote the group leader. “Do not want to pay us – pay x10 more times to the government. No problems.”

Ransomware has been increasingly disruptive to companies and governments in recent years. Last week, the Asbury Park Press reported that New Jersey hospital operator Hackensack Meridien Health paid a ransom of undisclosed size after its systems were disrupted by ransomware. New Orleans city websites remain offline, with traffic and municipal courts closed, after a ransomware attack last week forced employees to shut down their computers and Mayor LaToya Cantrell to declare a state of emergency.