Numerous ransomware families are adopting the new tactic of leaking stolen data of non-paying victims.

After Maze created a website to publish stolen data of their victims, other ransomware families swiftly followed too. 

According to BleepingComputer, in the space of two days, three ransomware families have now launched their own data leak sites.

Nefilim Ransomware launched “Corporate Leaks” to dump the data of those who do not pay their ransom. Nefilim is said to share the same code as Nemty 2.5, however unlike Nemty, Nefilim has removed the Ransomware-as-a-Service (RaaS) component and now relies on email communications for payments. 

Currently Nefilim has listed two companies on their site. 

The second ransomware family to release a data leak site is the CLOP Ransomware. The site “CL0P^_- LEAKS” currently lists four different companies. 

CLOP made news after attacking Maastricht University to which the university paid 30 bitcoins to recover their data. 

The third ransomware family is Sekhmet, a relatively new ransomware. Currently, their site, “Leaks leaks and leaks,” lists one company.