/>
X

Here's a list of all the ransomware gangs who will steal and leak your data if you don't pay

Ransomware gangs are getting more aggressive these days about pursuing payments and have begun stealing and threatening to leak sensitive documents if victims don't pay the requested ransom demand.
catalin-cimpanu.jpg
Written by Catalin Cimpanu, Contributor on

Starting with late 2019 and early 2020, the operators of several ransomware strainshave begun adopting a new tactic.

In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have also begun stealing data from their networks before encrypting it.

Also: Why SMBs are especially vulnerable to attacks TechRepublic

If the victim -- usually a large company -- refuses to pay, the ransomware gangs threaten to leak the information online, on so-called "leak sites" and then tip journalists about the company's security incident.

Companies who may try to keep the incident under wraps, or who may not want intellectual property leaked online, where competitors could get, will usually cave in and pay the ransom demand.

While initially the tactic was pioneered by the Maze ransomware gang in December 2019, it is now becoming a widespread practice among other groups as well.

At the time of writing, ZDNet has identified nine ransomware operations that are currently running or have maintained a "leak site," either on the dark web, or the public internet.

Below is a list of all ransomware "leak sites," in alphabetical order, which we'll maintain going forward, as an index of all groups that engage in this tactic. We will not be linking to any of these sites, nor will we be listing any past or present victims. This lists exists solely for the purpose of letting victim companies know that in the case of an infection with any of the ransomware strains listed below that they should treat the incident as a classic data breach where data has been exfiltrated and has reached a third-party's hands, rather than just a ransomware were data was merely encrypted but never left a victim's network.

Ako (rebranded as Ranzy)

ako-ransomware-leak-site.png
Image: ZDNet
ranzy-ransomware-leak-site.png
Image: ZDNet

Avaddon

Avaddon ransomware leak site
Image: ZDNet

Babuk Locker

Babuk Locker ransomware leak site
Image: ZDNet

CLOP

Clop ransomware leak site
Image: ZDNet

Conti

conti-leak.png
Image: ZDNet

Cuba

Cuba ransomware leak site
Image: ZDNet

Darkside

darkside-ransomware-leak-site.png
Image: ZDNet

DoppelPaymer

DopplePaymer ransomware leak site
Image: ZDNet

Egregor

Egregor ransomware leak site
Image: ZDNet

Everest (Everbe)

everest-rasnomware-leak-site.png
Image: ZDNet

LockBit

LockBit ransomware leak site
Image: ZDNet

Maze

Maze ransomware leak site
Image: ZDNet

Mespinoza (Pysa)

Mespinoza / Pysa ransomware leak site
Image: ZDNet

Mount Locker

mount locker ransomware leak site
Image: ZDNet

Nefilim

Nefilim ransomware leak site
Image: ZDNet

Nemty

nemty-ransomware-leak-site.png
Image: ZDNet

NetWalker

Netwalker ransomware leak site
Image: ZDNet

RagnarLocker

RagnarLocker ransomware leak site
Image: ZDNet

RansomExx (Defray777)

RansomExx ransomware leak site
Image: ZDNet

REvil (Sodinokibi)

REvil ransomware leak site
Image: ZDNet

Sekhmet

Sekhmet ransomware leak site
Image: ZDNet

Snatch

The Snatch ransomware gang's "leak site" has been down for weeks. It is unclear if the group has abandoned the leaking files from infected hosts, or has moved it to a secret new URL.

SunCrypt

SunCrypt ransomware leak site
Image: ZDNet

The world's most famous and dangerous APT (state-developed) malware

Related

Most Brazilian companies don't pay to get data back after ransomware attacks
shutterstock-ransomware-malware-security-concept

Most Brazilian companies don't pay to get data back after ransomware attacks

Security
This phishing attack delivers three forms of malware. And they all want to steal your data
Man looking at laptop screen at home

This phishing attack delivers three forms of malware. And they all want to steal your data

Security
Get the tiny speaker that provides a unique audio experience for only $27
replace-this-image.jpg

Get the tiny speaker that provides a unique audio experience for only $27

Deals