Two ransomware gangs and a data extortion group have adopted a new strategy to force victim companies to pay threat actors to not leak stolen data.
The new tactic consists in adding a search function on the leak site to make it easier to find victims or even specific details.
This tactic might become the norm going forward as companies are still lagging when it comes to access control and limiting blast radius.
It looks like right now the query features aren’t fully fleshed out and there’s still a significant gap between the victims (users with their private data) and the actions of companies that are breached. While bad actors might be using this as an impetus to chase paydays, companies might truly feel pressure from their users in the form of lawsuits or more to protect their data.
I foresee legal battles in the future. A sobering thought might be that ransomware gangs will find a way to target lawmakers to force lawmakers to pass even more stringent regulations and requirements for companies to protect user data.
