{
	"id": "648316d3-8f82-4bca-ab3f-4a86619dd8e9",
	"created_at": "2026-04-06T00:07:03.375563Z",
	"updated_at": "2026-04-10T03:21:25.939088Z",
	"deleted_at": null,
	"sha1_hash": "d5fcbf6647c170a9afa7d4131ab8bfba7f51e5dc",
	"title": "Three More Ransomware Families Create Sites to Leak Stolen Data",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2047397,
	"plain_text": "Three More Ransomware Families Create Sites to Leak Stolen Data\r\nBy Lawrence Abrams\r\nPublished: 2020-03-24 · Archived: 2026-04-05 17:27:20 UTC\r\nThree more ransomware families have created sites that are being used to leak the stolen data of non-paying victims and\r\nfurther illustrates why all ransomware attacks must be considered data breaches.\r\nEver since Maze created their \"news\" site to publish stolen data of their victims who choose not to pay, other ransomware\r\nactors such as Sodinokibi/REvil, Nemty, and DoppelPaymer have been swift to follow.\r\nOver the past two days, BleepingComputer has learned of another three ransomware families who have now launched\r\ntheir data leak sites, which are listed below.\r\nhttps://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nWhile we have been saying it for a long time, with the continued release of data leak sites, ransomware attacks must be\r\ntreated as data breaches now that the personal and private data of employees is being published online.\r\nTo make matters worse, other threat actors are taking the data exposed in these leaks and selling it on hacker forums so it\r\ncan be utilized in other attacks.\r\nNefilim Ransomware\r\nThe Nefilim Ransomware has launched a site called \"Corporate Leaks\" that is being used to dump the data of victims who\r\ndo not pay a ransom.\r\nNefilim is fairly new and is believed to be a new version of the Nemty Ransomware.\r\nNefilim Ransomware Leak Site\r\nThis leak site currently lists two companies who both are involved with energy or resources.\r\nCLOP Ransomware\r\nThe CLOP Ransomware has also released a leak site called \"CL0P^_- LEAKS\" that they are using to publish stolen data for\r\nnon-paying victims.\r\nThe CLOP Ransomware made news recently after it attacked the Maastricht University and was paid 30 bitcoins to recover\r\ntheir data.\r\nhttps://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/\r\nPage 3 of 5\n\nCLOP Leak Site\r\nThe site currently lists four different companies whose data has been released.\r\nSekhmet Ransomware\r\nFinally, a relatively new ransomware called Sekhmet has also released a data leak site called \"Leaks leaks and leaks\".\r\nNot much is known about this ransomware other than that their ransom note is named \"RECOVER-FILES.txt\".\r\nhttps://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/\r\nPage 4 of 5\n\nSekhmet Leak Site\r\nTheir leak site only lists one company at this time.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/\r\nhttps://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/"
	],
	"report_names": [
		"three-more-ransomware-families-create-sites-to-leak-stolen-data"
	],
	"threat_actors": [],
	"ts_created_at": 1775434023,
	"ts_updated_at": 1775791285,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d5fcbf6647c170a9afa7d4131ab8bfba7f51e5dc.pdf",
		"text": "https://archive.orkl.eu/d5fcbf6647c170a9afa7d4131ab8bfba7f51e5dc.txt",
		"img": "https://archive.orkl.eu/d5fcbf6647c170a9afa7d4131ab8bfba7f51e5dc.jpg"
	}
}