New ransomware, BitPyLock, threatens to release stolen data unless the ransom is paid.
An analysis by BleepingComputer found that BitPyLock will attempt to terminate any processes containing the following strings: backup, cobain, drop, drive and more. This is done to shut down security software and to close files being used by backup software, virtual machines, and databases so that those files can be encrypted.
For each encrypted file, the ransomware appends the .bitpy extension, and within each folder a ransom note is created, instructing users to send a bitcoin ransom to the enclosed bitcoin address.
The victim is then instructed to email the listed address to receive the decryptor.
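One way a defender could correlate the behaviour described above in endpoint telemetry, added here as an example and not taken from the BleepingComputer analysis: it flags a host where processes matching the listed strings exit and .bitpy files appear within a short window. The event tuple format, the window and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Substrings the article lists for process termination (the "and more" are not given).
KILL_STRINGS = ("backup", "cobain", "drop", "drive")
EXTENSION = ".bitpy"          # extension appended to encrypted files
WINDOW = 300                  # seconds; assumed correlation window
MIN_KILLS, MIN_FILES = 2, 3   # assumed thresholds, tune per environment

# Constructed sample events: (epoch seconds, host, kind, detail)
SAMPLE_EVENTS = [
    (1000, "ws-01", "proc_end", "BackupAgent.exe"),
    (1004, "ws-01", "proc_end", "dropbox.exe"),
    (1010, "ws-01", "file_create", r"C:\Users\a\Docs\plan.docx.bitpy"),
    (1011, "ws-01", "file_create", r"C:\Users\a\Docs\q1.xlsx.bitpy"),
    (1015, "ws-01", "file_create", r"C:\Users\a\Pictures\id.png.bitpy"),
    (1020, "ws-02", "proc_end", "OneDrive.exe"),             # routine exit, no file activity
    (5000, "ws-03", "file_create", r"D:\lab\sample.bitpy"),  # lone file, no process exits
]

def is_kill_target(name):
    """True if the process name contains one of the listed substrings."""
    return any(s in name.lower() for s in KILL_STRINGS)

def detect(events):
    """Return {host: (kills, files, folders)} for hosts crossing both thresholds within WINDOW."""
    per_host = defaultdict(list)
    for ts, host, kind, detail in sorted(events):
        if kind == "proc_end" and is_kill_target(detail):
            per_host[host].append((ts, "kill", detail))
        elif kind == "file_create" and detail.lower().endswith(EXTENSION):
            per_host[host].append((ts, "file", detail))
    alerts = {}
    for host, hits in per_host.items():
        for i, (start, _, _) in enumerate(hits):
            window = [h for h in hits[i:] if h[0] - start <= WINDOW]
            kills = sum(1 for h in window if h[1] == "kill")
            files = [h[2] for h in window if h[1] == "file"]
            if kills >= MIN_KILLS and len(files) >= MIN_FILES:
                folders = {f.rsplit("\\", 1)[0] for f in files}
                alerts[host] = (kills, len(files), len(folders))
                break
    return alerts

if __name__ == "__main__":
    for host, (k, f, d) in detect(SAMPLE_EVENTS).items():
        print(f"{host}: {k} targeted process exits, {f} {EXTENSION} files in {d} folders")
```

Requiring both signals keeps a routine exit of a matching process (ws-02) or a single stray file (ws-03) from raising an alert on its own.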
BitPyLock was first uncovered by MalwareHunterTeam on January 9, and the threat actors behind it are now stealing data before encrypting it. The data will be released if the ransom is not paid.
“From the end of December, already seen victims (of the confirmed ones, all companies, but that’s no surprise) from multiple countries. The interesting/strange is that the biggest amount asked wasn’t even 5 BTC, compared to the big and bigger amounts other actors ask.” said MalwareHunterTeam.
The Nemty ransomware has also announced that it will create a blog to publish stolen data from ransomware victims who refuse to pay the ransom. In addition, both Sodinokibi and Maze ransomware are also utilising this new tactic.
If this extortion method is successful, more and more threat actors will start adopting this new tactic, negatively impacting organisations and their consumers.
The post #Privacy: New ransomware threatens to publish stolen data appeared first on PrivSec Report.