Larry Abrams at Bleepingcomputer correctly observed: "Corporate victims are finally starting to realize that ransomware attacks are data breaches and have begun to notify employees and clients about data stolen data.
A tactic used by almost all enterprise-targeting ransomware is to steal unencrypted files before encrypting a breached network. The threat actors then use these stolen files as leverage by threatening to leak or sell the data if a ransom is not paid.
If a victim does not pay the ransom, the threat actors will publicly post the data on data leak sites created to shame the victim. This tactic is being conducted by almost all ransomware operations, including Maze, REvil, Netwalker, DoppelPaymer, CLOP, RagnarLocker, Nephilim, Ako, and others.
Ransomware attacks are data breaches
The data stolen in these attacks can be damaging to a company as it commonly includes financials, trade secrets, unpublished reports, and emails.
It can also, though, be a massive problem for employees whose social security numbers, passports, medical records, termination letters, bank accounts, salary information, and more are stolen in these attacks. Unfortunately, many companies choose to sweep ransomware attacks under the rug and do not adequately disclose that personal data was stolen, even to employees who were affected.
Numerous times in the past, employees of ransomware attacks have contacted BleepingComputer to learn more about what was stolen in an attack because the company they work for was denying it. "Can you share what was stolen? We were just told that there were IT problems and they are denying any attack," an employee of a breached company asked BleepingComputer.
Another employee contacted us after a company was hit with a ransomware attack where data was stolen and told us that their company was not providing any information.
"I have not received any word from anyone about the data breach. Management has been very quiet," another employee told BleepingComputer in an email.
The denial of stolen data is not fair to employees, as the attackers could use their stolen personal information for identity theft and fraud. If an employee does not know what happened, they have no way to protect themselves.
Ransomware victims start issuing data breach notifications
The good news is that corporate victims are finally starting to issue data breach notifications when affected by a ransomware attack. In addition, most of them offer free credit monitoring and identity theft protection to affected employees and clients so that they can be alerted if their data is used publicly or for fraud." Continued: