TLP GREEN: Ransomware Data Leak Sites Report

A valued colleague is providing this daily ransomware tracker as TLP:GREEN for purposes of increasing ransomware threat awareness. The body of the email contains newly added victims since the last update.

The information provided in the report is pulled from threat actor data leak sites ‘as is,’ meaning, it is shared as it has been posted by the threat group. They have been known to make mistakes, have typos, mis-name victims, or use other language aside from the victim name. The report shares the information ‘as is’ and neither the source of the report, nor our team, goes to the individual sites to verify the information, though it can be (and we sometimes do) cross referenced with other reporting sources. Neither the originator of the report, nor our team, is in direct discussion w/ the threat actors. There are cyber threat intelligence firms that do engage in cybercrime forums and can provide additional perspective of victims and ongoing discussions occurring in those forums.

We share the report for recipient awareness. Often times, a victim may be a supplier or have another third or fourth party relationship with recipients. We hope that recipients look for those relationships and then are able to inquire directly as may be appropriate with the supposed victim.

By the time a victim is identified in the name and shame report, it is reasonable to assume they have been contacted by the threat group and have either elected not to make payment or that some other issue has led the group to disclose the victim publicly. Victims that pay do not usually have their data made available publicly. We have not seen a significant amount of incidents that were deliberately falsely reported by threat groups, though, as noted above, they have made mistakes.

Click on the PDF link below to view the full report, including victims.