{
	"id": "6c83e0dc-62cf-43bb-acb6-7f53c71732c7",
	"created_at": "2026-04-06T00:22:30.576544Z",
	"updated_at": "2026-04-10T13:13:02.067568Z",
	"deleted_at": null,
	"sha1_hash": "63f26849647da2560c2398df6179ecc620598ecd",
	"title": "Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 339540,
	"plain_text": "Ransomware Gangs Now Outing Victim Businesses That Don’t Pay\r\nUp\r\nPublished: 2019-12-18 · Archived: 2026-04-05 23:22:15 UTC\r\nAs if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have\r\nsignaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one\r\nransomware gang has now created a public Web site identifying recent victim companies that have chosen to\r\nrebuild their operations instead of quietly acquiescing to their tormentors.\r\nThe message displayed at the top of the Maze Ransomware public shaming site.\r\nLess than 48 hours ago, the cybercriminals behind the Maze Ransomware strain erected a Web site on the public\r\nInternet, and it currently lists the company names and corresponding Web sites for eight victims of their malware\r\nthat have declined to pay a ransom demand.\r\n“Represented here companies dont wish to cooperate with us, and trying to hide our successful attack on their\r\nresources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the\r\nnews!”\r\nKrebsOnSecurity was able to verify that at least one of the companies listed on the site indeed recently suffered\r\nfrom a Maze ransomware infestation that has not yet been reported in the news media.\r\nThe information disclosed for each Maze victim includes the initial date of infection, several stolen Microsoft\r\nOffice, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as\r\nwell as the IP addresses and machine names of the servers infected by Maze.\r\nAs shocking as this new development may be to some, it’s not like the bad guys haven’t warned us this was\r\ncoming.\r\n“For years, ransomware developers and affiliates have been telling victims that they must pay the ransom or stolen\r\ndata would be publicly released,” said Lawrence Abrams, founder of the computer security blog and victim\r\nassistance site BleepingComputer.com. “While it has been a well-known secret that ransomware actors snoop\r\nthrough victim’s data, and in many cases steal it before the data is encrypted, they never actually carried out their\r\nthreats of releasing it.”\r\nAbrams said that changed at the end of last month, when the crooks behind Maze Ransomware threatened Allied\r\nUniversal that if they did not pay the ransom, they would release their files. When they did not receive a\r\npayment, they released 700MB worth of data on a hacking forum.\r\nhttps://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/\r\nPage 1 of 2\n\n“Ransomware attacks are now data breaches,” Abrams said.\r\n“Ransomware attacks are now data breaches,” Abrams said. “During ransomware attacks, some threat actors have\r\ntold companies that they are familiar with internal company secrets after reading the company’s files. Even though\r\nthis should be considered a data breach, many ransomware victims simply swept it under the rug in the hopes that\r\nnobody would ever find out. Now that ransomware operators are releasing victim’s data, this will need to change\r\nand companies will have to treat these attacks like data breaches.”\r\nThe move by Maze Ransomware comes just days after the cybercriminals responsible for managing the\r\n“Sodinokibi/rEvil” ransomware empire posted on a popular dark Web forum that they also plan to start using\r\nstolen files and data as public leverage to get victims to pay ransoms.\r\nThe leader of the Sodinokibi/rEvil ransomware gang promising to name and shame victims publicly in a recent\r\ncybercrime forum post. Image: BleepingComputer.\r\nThis is especially ghastly news for companies that may already face steep fines and other penalties for failing to\r\nreport breaches and safeguard their customers’ data. For example, healthcare providers are required to report\r\nransomware incidents to the U.S. Department of Health and Human Services, which often documents breaches\r\ninvolving lost or stolen healthcare data on its own site.\r\nWhile these victims may be able to avoid reporting ransomware incidents if they can show forensic evidence\r\ndemonstrating that patient data was never taken or accessed, sites like the one that Maze Ransomware has now\r\nerected could soon dramatically complicate these incidents.\r\nSource: https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/\r\nhttps://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/"
	],
	"report_names": [
		"ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up"
	],
	"threat_actors": [],
	"ts_created_at": 1775434950,
	"ts_updated_at": 1775826782,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/63f26849647da2560c2398df6179ecc620598ecd.pdf",
		"text": "https://archive.orkl.eu/63f26849647da2560c2398df6179ecc620598ecd.txt",
		"img": "https://archive.orkl.eu/63f26849647da2560c2398df6179ecc620598ecd.jpg"
	}
}