Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches
Fraud Management & Cybercrime
,
Ransomware
Repeat Shakedown Tactic: Victims Told to Pay Up or Else They’ll Pay Massive Fines
Money is a great inducement to innovation. That includes – maybe especially so – ransomware groups whose attempts to squeeze dollars from data lead to no end of novel technical and business techniques.
See Also: Live Webinar | Unmasking Pegasus: Understand the Threat & Strengthen Your Digital Defense
Enter Ransomed, a group that only launched Aug. 15 but which has already made a name for itself by extorting victims with this threat: Pay us a ransom to stay quiet, or we’ll rat you out to your friendly neighborhood European privacy regulator. As a sweetener, the group tells victims that their ransom demand is only a fraction of the fines they’d pay for violating the EU’s General Data Protection Regulation for the data breach.
The group claims it targets large organization, demanding ransoms of between $53,000 to $215,000, which is far below what it says their GDPR penalty is likely to be, threat intelligence firm Flashpoint reported.
Whether or not any victims have chosen to take GDPR compliance or other legal advice from these stress-inducers remains unclear.
The same goes for victims of groups that have previously named-dropped GDPR in their ransom notes. Since 2022, that’s included post-Conti spinoff Alphv/BlackСat, joined this year by newcomers NoEscape and the Cloak extortion group, which has been tied to Good Day ransomware, reported threat intelligence firm Kela.
Like most ransomware groups, Alphv…
