# Three More Ransomware Families Create Sites to Leak Stolen Data **[bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/](https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/)** Lawrence Abrams By [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) March 24, 2020 07:23 PM 0 Three more ransomware families have created sites that are being used to leak the stolen data of non-paying victims and further illustrates why all ransomware attacks must be considered data breaches. Ever since Maze created their "news" site to publish stolen data of their victims who choose [not to pay, other ransomware actors such as Sodinokibi/REvil,](https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-posts-alleged-data-of-kenneth-cole-fashion-giant/) [Nemty, and](https://www.bleepingcomputer.com/news/security/nemty-ransomware-punishes-victims-by-posting-their-stolen-data/) [DoppelPaymer](https://www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/) have been swift to follow. Over the past two days, BleepingComputer has learned of another three ransomware families who have now launched their data leak sites, which are listed below. While we have been saying it for a long time, with the continued release of data leak sites, ransomware attacks must be treated as data breaches now that the personal and private data of employees is being published online. To make matters worse, other threat actors are taking the data exposed in these leaks and [selling it on hacker forums so it can be utilized in other attacks.](https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-data-leaks-now-sold-on-hacker-forums/) ## Nefilim Ransomware ----- The [Nefilim Ransomware has launched a site called Corporate Leaks that is being used to](https://www.bleepingcomputer.com/news/security/new-nefilim-ransomware-threatens-to-release-victims-data/) dump the data of victims who do not pay a ransom. Nefilim is fairly new and is believed to be a new version of the Nemty Ransomware. **Nefilim Ransomware Leak Site** This leak site currently lists two companies who both are involved with energy or resources. ## CLOP Ransomware The [CLOP Ransomware has also released a leak site called "CL0P^_- LEAKS" that they](https://www.bleepingcomputer.com/news/security/ta505-hackers-behind-maastricht-university-ransomware-attack/) are using to publish stolen data for non-paying victims. The CLOP Ransomware made news recently after it attacked the Maastricht University and [was paid 30 bitcoins to recover their data.](https://www.bleepingcomputer.com/news/security/ta505-hackers-behind-maastricht-university-ransomware-attack/) ----- **CLOP** **Leak Site** The site currently lists four different companies whose data has been released. ## Sekhmet Ransomware Finally, a relatively new ransomware called Sekhmet has also released a data leak site called "Leaks leaks and leaks". Not much is known about this ransomware other than that their ransom note is named "RECOVER-FILES.txt". ----- **Sekhmet Leak Site** Their leak site only lists one company at this time. ### Related Articles: [Industrial Spy data extortion market gets into the ransomware game](https://www.bleepingcomputer.com/news/security/industrial-spy-data-extortion-market-gets-into-the-ransomware-game/) [New RansomHouse group sets up extortion market, adds first victims](https://www.bleepingcomputer.com/news/security/new-ransomhouse-group-sets-up-extortion-market-adds-first-victims/) [Quantum ransomware seen deployed in rapid network attacks](https://www.bleepingcomputer.com/news/security/quantum-ransomware-seen-deployed-in-rapid-network-attacks/) [Karakurt revealed as data extortion arm of Conti cybercrime syndicate](https://www.bleepingcomputer.com/news/security/karakurt-revealed-as-data-extortion-arm-of-conti-cybercrime-syndicate/) [Snap-on discloses data breach claimed by Conti ransomware gang](https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/) [Clop](https://www.bleepingcomputer.com/tag/clop/) [Data Exfiltration](https://www.bleepingcomputer.com/tag/data-exfiltration/) [Extortion](https://www.bleepingcomputer.com/tag/extortion/) [Nefilim](https://www.bleepingcomputer.com/tag/nefilim/) [Ransomware](https://www.bleepingcomputer.com/tag/ransomware/) [Lawrence Abrams](https://www.bleepingcomputer.com/author/lawrence-abrams/) ----- Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence s area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. [Previous Article](https://www.bleepingcomputer.com/news/hardware/hpe-warns-of-new-bug-that-kills-ssd-drives-after-40-000-hours/) [Next Article](https://www.bleepingcomputer.com/news/software/mozilla-firefox-gets-a-https-only-mode-for-more-secure-browsing/) Post a Comment [Community Rules](https://www.bleepingcomputer.com/posting-guidelines/) You need to login in order to post a comment [Not a member yet? Register Now](https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=register) ### You may also like: -----