{
	"id": "c3cfd038-7439-408e-b0ba-1ceb44ce8378",
	"created_at": "2026-04-06T00:09:09.053868Z",
	"updated_at": "2026-04-10T13:12:11.63701Z",
	"deleted_at": null,
	"sha1_hash": "c88cb10d449460be0b80922cd12f9a1ec5530029",
	"title": "Another Ransomware Will Now Publish Victims' Data If Not Paid",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2139319,
	"plain_text": "Another Ransomware Will Now Publish Victims' Data If Not Paid\r\nBy Lawrence Abrams\r\nPublished: 2019-12-12 · Archived: 2026-04-05 14:55:22 UTC\r\nThe operators of the REvil Ransomware, otherwise known as Sodinokibi, have announced that they will use stolen files and\r\ndata as leverage to get victims to pay ransoms.\r\nA new tactic by ransomware developers is to release a victim's data if they do not pay the ransom. While we have seen these\r\nthreats in the past, only recently have Ransomware operators, such as Maze, actually followed through.\r\nIn a new post to a Russian malware and hacker forum shared with us by security researcher Damian, the public-facing\r\nrepresentative of the REvil ransomware known as UNKN states that a new \"division\" has been created for large operations.\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nThey claim that a recent operation from this group is the attack against the CyrusOne data center that was reported last\r\nweek. As part of this operation, UNKN claims that they have stolen files from the company before encrypting their network.\r\nREvil goes on to say that if a company does not pay the ransom, the ransomware actors will publicly release the stolen data\r\nor sell it to competitors. It is in their opinion that this would be more costly to the victim than paying the ransom.\r\nForum post by REvil operator\r\nThe original Russian text from the above post is below:\r\nЕсли не отвечаем - значит не интересны. Либо мест нет.\r\nМы открыли отдельное подразделение, которое занимается крупными операциями. Неделю назад был осуществлен до\r\nОчень странно, что cdhfund.com до сих пор молчат. Они также были подвержены атаке, все данные скопированы и за\r\nThe English translation via Google Translate can also be read below:\r\nIf we don’t answer, then it’s not interesting. Or there are no places.\r\nWe have opened a separate division, which is engaged in large operations. A week ago, access to CyrusOne was made. Judging\r\nIt is very strange that cdhfund.com is still silent. They were also susceptible to attack, all data was copied and encrypt\r\nRansomware attacks are now data breaches\r\nFor years, ransomware developers and affiliates have been telling victims that they must pay the ransom or stolen data\r\nwould be publicly released.\r\nWhile it has been a well-known secret that ransomware actors snoop through victim's data, and in many cases steal it before\r\nthe data is encrypted, they never actually carried out their threats of releasing it.\r\nThis all changed at the end of November when Maze Ransomware threatened Allied Universal that if they did not pay the\r\nransom, they would release their files. When they did not receive a payment, they released 700MB worth of data on a\r\nhacking forum.\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/\r\nPage 3 of 5\n\nPublic disclosure of Allied Universal data\r\nDuring ransomware attacks, some threat actors have told companies that they are familiar with internal company secrets\r\nafter reading the company's files. Even though this should be considered a data breach, many ransomware victims simply\r\nswept it under the rug in the hopes that nobody would ever find out.\r\nNow that ransomware operators are releasing victim's data, this will need to change and companies will have to treat these\r\nattacks like data breaches.\r\nThis is because employee medical records, personal information, termination letters, salaries, and much more can potentially\r\nbe disclosed. Furthermore, if any third-party information is stolen, which is highly likely, then that requires further\r\ndisclosure as well.\r\nIt is too soon to say whether these new tactics will push companies to treat ransomware attacks like data breaches, but as\r\nmore ransomware developers publish stolen documents, we can expect lawsuits and public concern to rise.\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/"
	],
	"report_names": [
		"another-ransomware-will-now-publish-victims-data-if-not-paid"
	],
	"threat_actors": [],
	"ts_created_at": 1775434149,
	"ts_updated_at": 1775826731,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c88cb10d449460be0b80922cd12f9a1ec5530029.pdf",
		"text": "https://archive.orkl.eu/c88cb10d449460be0b80922cd12f9a1ec5530029.txt",
		"img": "https://archive.orkl.eu/c88cb10d449460be0b80922cd12f9a1ec5530029.jpg"
	}
}