Ransomware and extortion attacks have never been more costly or complex to manage. Groups are continuously evolving new tactics to ramp up the pressure on victims to pay, and double extortion is a popular example of this. While encrypted information can sometimes be painstakingly retrieved from back ups, the consequences of this data being publicly exposed on data leak blogs can be far harder to mitigate. Your organization needs timely insight into the information these adversaries have released on their blogs more than ever before. Intel 471 is proud to announce that with our latest data leak blogs collection enhancement, you can take the preventative action needed to mitigate the impact on your assets.
Double extortion is a popular tactic ransomware and extortion groups employ. Traditionally, these groups encrypt their victim’s data or operating systems, rendering the organization unable to access these valuable assets until a ransom is paid. Double extortion takes this one step further: the cybercriminals not only encrypt data, but also exfiltrate it and threaten to sell it or leak it publicly on data leak blogs and sites. This ramps up the pressure for victims to pay. Not only do they require a decryption key, but they also seek the prevention of this information being leaked publicly to avoid greater legal penalties, further erosion of stakeholder trust and attackers using it to commit further cyber incidents.
We’ve enhanced our data leak blogs collection framework to bring new functionality and insight to victims of ransomware and extortion attacks. These include:
While it isn’t a new tactic, double extortion stood out in 2023 when the CLOP extortion group used it during the exploitation of the MOVEit vulnerability to impact more than 100 victims across the world. The effectiveness of the group’s attacks and the publicity it drew are only likely to encourage other cyber adversaries to utilize the double extortion tactic to emulate the group’s success. As a result, it’s never been more important to have visibility of the data made available on these resources in a timely manner.
By examining the file listings within blog posts, you will be able to verify exactly what files have been leaked. With double extortion, there’s also no guarantee that the attackers will delete the stolen data after receiving payment, perpetuating the risk attached to the exposed information. With Intel 471, you can now set watchers to be alerted when threat actors have removed files. Gaining greater insight into the extent of the exposure will allow you to better understand how best to implement incident response and the action that must be taken to mitigate the damage.
When a ransomware or extortion attack occurs, timely awareness and response are crucial to effectively mitigate its effects. Our enhanced collection means data leak blog information is collected faster. This means you receive near-real-time alerts upon the identification of relevant data, so you can respond to an incident as it unfolds.
You’ll also be able to identify when data connected to your third-party vendors, suppliers and others appears within data leak blogs. Due to the level of interconnectivity between you and your third parties, you may find that a third-party leak also contains information relating to your own assets, such as credentials or personally identifiable information (PII). By identifying your data within a third-party leak, Intel 471’s enhancement ensures you have the early warning to manage this risk with immediacy.
What’s more, threat actors commonly target third parties with weaker cybersecurity protocols and use them as a stepping stone to gain easy access to your organization. They also target vendors supplying a wide range of customers so they can maximize the outcome of their efforts by impacting multiple victims at once. A leak of third-party data could therefore offer cybercriminals the initial access they need to your third party to begin a targeted attack on your own organization. Our data leak blogs enhancement gives you the leg up you need to protect against a cyber incident via your third parties.
It’s not if a ransomware attack will strike, but when. As organizations around the world find themselves pitted against such tactics, knowledge and speed are the key differentiators when it comes to determining the success of mitigation. With our data leak blogs enhancement, we are proud to unlock the insight and rapid action you need to respond to these attacks with confidence.
The disruption of the XSS cybercrime forum and arrest of its administrator in Ukraine in July 2025 has shook Russian-speaking cybercriminal communities to their core and raised questions if the forum can recover.
The Lumma infostealer malware collects highly sensitive data including logins and session tokens. Here's how to conduct a threat hunt leveraging up-to-date tactics, techniques and procedures used by Lumma.
Pro-Russian hacktivism campaigns continued to be directed at countries and entities supporting Ukraine. Here's a briefing about new hacktivist groups and the risks the groups pose.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.