
Ransomware gangs that steal a company's data and then get paid a ransom fee to delete it don't always follow through on their promise.

The number of such cases has increased, according to a report published by Coveware this week and several incidents that security researchers have shared with ZDNet researchers over the past few months.

These incidents occur only in a certain category of ransomware attacks, namely those carried out by "big-game hunters" or "human-operated" ransomware gangs.

These two terms refer to incidents where a ransomware gang specifically targets enterprise or government networks, knowing that once infected, these victims can't afford prolonged downtimes and will likely agree to huge payouts.

But since the fall of 2019, more and more ransomware gangs have begun stealing large troves of files from the hacked organizations before encrypting the victims' files.

The idea was to threaten to release the victim's sensitive files online if the company chose to restore its network from backups instead of paying for a decryption key to recover its files.

Some ransomware gangs even created dedicated portals called "leak sites[1]," where they'd publish data from companies that didn't want to pay.

[Image: Netwalker ransomware leak site. Credit: ZDNet]

If hacked companies agreed to pay for a decryption key, ransomware gangs also promised to delete the data they had stolen.

In a report[2] published this week, Coveware, a company that provides incident response services to hacked companies, said that half of the ransomware incidents it investigated in Q3 2020 had involved the theft of company data before files were encrypted, doubling the number of ransomware incidents preceded by data theft it saw in the previous quarter.

But Coveware says that these types of attacks have
