Scam PSA Ransomware gangs dont always delete stolen data when paid

pPayouts King ransomware uses QEMU VMs to bypass endpoint securityppApple account change alerts abused to send phishing emailsppCritical flaw in Protobuf library enables JavaScript code executionppNIST to stop rating nonpriority flaws due to volume increaseppVercel confirms breach as hackers claim to be selling stolen datappApple account change alerts abused to send phishing emailsppNIST to stop rating nonpriority flaws due to volume increaseppEdit convert and sign PDFs fast with this 40 lifetime toolppHow to access the Dark Web using the Tor BrowserppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppeLearningppIT Certification CoursesppGear GadgetsppSecurityppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppppRansomware gangs are increasingly failing to keep their promise to delete stolen data after a victim pays a ransomppIn 2019 the Maze ransomware group introduced a new tactic known as doubleextortion which is when attackers steal unencrypted files and then threaten to release them publicly if a ransom is not paidppNow not only are victims being extorted through the encryption of their files but also by the risk of their data being published and causing a data breachppThis tactic was quickly adopted by other ransomware operations who began to create data leak sites used to publish victims stolen filesppAs part of this doubleextortion tactic most ransomware operations require a victim to pay a single ransom that will provide both a decryptor for their encrypted files and a promise not to share and to delete stolen filesppSome ransomware operations like AKORanzy demand two ransom payments one for the decryptor and another not to publish stolen datappIn the Coveware Q3 2020 ransomware report released today we learn that some ransomware gangs do not keep their promise to delete stolen data after a ransom is paidppAccording to the new report certain groups are leaking stolen data after a ransom was paid using fake data as proof of deletion or even reextorting a victim using the same data that was paid not to be releasedppSodinokibi Victims that paid were reextorted weeks later with threats to post the same data setppNetwalker Data posted of companies that had paid for it not to be leakedppMespinoza Data posted of companies that had paid for it not to be leakedppConti Fake files are shown as proof of deletionppMaze Sekhmet and Egregor who appear to be all related were also mentioned as having a problem keeping data secret after getting paid In a conversation with BleepingComputer Covewares CEO Bill Siegel explained that as Maze grew larger their operation became disorganized and the victims data was mistakenly posted on the data leak siteppSiegel also told BleepingComputer that Conti used filesharing sites to share proof of stolen data with victims When uploading data to these sites removal links are also generated that allow anyone with the link to remove the uploaded datappAccording to Siegel Conti provided victims fake removal links after a ransom was paid that contained dummy data and not the victims actual data These links were meant to trick the victim into thinking their data was deleted when in reality Conti continued to hold on to the datappUnlike a ransomware decryptor which a threat actor cant take away once given there is no way for a victim to know for sure if a ransomware operation is deleting stolen data after a ransom payment is madeppDue to this Coveware told BleepingComputer that it does not make sense to pay a ransom as there is no way to know for sure it will not be used to extort you further in the futureppWith this in mind Coveware tells victims to expect the following if they do decide to pay so their data is not releasedppThe data will not be credibly deleted Victims should assume it will be traded to other threat actors sold or held for a secondfuture extortion attemptppStolen data custody was held by multiple parties and not secured Even if the threat actor deletes a volume of data following a payment other parties that had access to it may have made copies so that they can extort the victim in the futureppThe data may get posted anyway by mistake or on purpose before a victim can even respond to an extortion attemptppCompanies should automatically assume that their data has been shared among multiple threat actors and that it will be used or leaked in some manner in the future regardless of whether they paidppInstead companies should treat the attack as a data breach and properly inform all customers employees and business partners that their data was stolen as required by lawppDoing this makes the companies look better for trying to do the right thing and gives those who were exposed the ability to monitor and protect their accounts from fraudppAI chained four zerodays into one exploit that bypassed both renderer and OS sandboxes A wave of new exploits is comingppAt the Autonomous Validation Summit May 12 14 see how autonomous contextrich validation finds whats exploitable proves controls hold and closes the remediation loopppPaint maker giant AkzoNobel confirms cyberattack on US siteppPayouts King ransomware uses QEMU VMs to bypass endpoint securityppNAKIVO v112 Ransomware Defense Faster Replication vSphere 9 and Proxmox VE 90 SupportppHealthcare IT solutions provider ChipSoft hit by ransomware attackppMicrosoft links Medusa ransomware affiliate to zeroday attacksppJust more reasons for businesses not to pay the ransomppNot a member yet Register NowppVercel confirms breach as hackers claim to be selling stolen datappRecently leaked Windows zerodays now exploited in attacksppMicrosoft Some Windows servers enter reboot loops after April patchesppAI is a databreach time bomb Read the new reportppRead this new guide to AI adoption for IT and security teams before investing in AI tools ppFrom vehicle research to cyber defense NMFTA leads with cybersecurity research threat insights and practical resources Learn MoreppCredit card fraud is getting more structured are you monitoring the sourcesppOverdue a password healthcheck Audit your Active Directory for freeppNAKIVO Backup Replication v112 brings realtime replication and ransomware resilience See the full releaseppTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2026 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp