Get The Latest Insights

By Jessica Ellis | January 7, 2021

The activist group known as Distributed Denial of Secrets (DDoSecrets) has published almost one terabyte of data originally leaked to dark web sites by ransomware operators. In addition, they are privately making another 1.9 terabytes of stolen data available to journalists or academic researchers. 

 
The data is just a portion of the terabytes of stolen emails, documents, and photos that DDoSecrets claims they will publish in the near future. Organizations affected include finance, pharmaceuticals, software, and manufacturing companies that have fallen victim to ransomware attacks. 
 
Stating their goal is to “serve and inform the public,” DDoSecrets claims that the information they are promoting and publishing is already exposed and that data leaked by ransomware groups often contains information that deserves to be scrutinized. 
 
Ransomware is increasingly becoming the top online threat to enterprises. Double Extortion tactics made their mark in 2020, with almost half of all attacks now extracting and publishing stolen data, rather than simply encrypting it. Operators are spending more time in compromised systems, demanding higher ransom payments, and leaking data through the dark web and auction sites.
 
The collection and publication of stolen data by DDoSecrets clearly illustrates why organizations affected by a ransomware attacks have more to worry about than negotiating a ransom payment. Extracted data is frequently exposed whether or not ransoms are paid. Data stolen in ransomware compromises may be on the road to a fast and much more public exposure via a third-party. 
 
DDoSecrets has been in the spotlight for publishing hacked documents in the past, including a 269-gigbyte collection of law enforcement files known as BlueLeaks. After a series of repercussions including a server seizure, they are now hosting a majority of their content on Tor protected sites. 
 
PhishLabs proactively protects against the delivery of ransomware and provides real-time response to mitigate risk. In addition, our external data leak intelligence monitors for exposure to formulate response strategies.
Additional Resources: