Transparency activists Distributed Denial of Secrets (DDoSecrets) recently incited a massive data leak revealing the information of corporate entities that fell victim to ransomware, said Wired. The one-terabyte file contains the info of thousands of victims.
The file revealed over 750,000 emails, images, and documents from five companies that fell victim to a ransomware attack and failed to make the payment.
Another 1.9 terabytes worth of info is also being offered to journalists and academic researchers for private sharing. This second trove is composed of info from around 12 other companies.
The leak encompasses a whole lot of industries including manufacturing, software retail, finance, real estate, oil and gas, and pharmaceuticals.
DDoSecrets, a successor of transparency activist WikiLeaks, gathered data from data dumps left by ransomware groups when victims do not pay the ransom. All the information collected by the group was found on the dark web.
Such activist groups were known to use radical methods in the name of transparency. WikiLeaks, for example, was known for whistle-blowing and revealing information that the group deemed important for the public interest.
DDoSecrets co-founder Emma Best believes that revealing this large cache of data also serves the public interest. Wired noted the organizations’ belief that these dumps “often contains information that deserves to be scrutinized and, in some cases, revealed to the public.”
Best explained, “Ignoring valuable data that can inform the public about how industries operate isn’t something we can afford to do.” In other words, combing through these corporate secrets can reveal information that can serve the public good.
Best added, “Whether it’s a pharmaceutical company or a petroleum company, or a company with technical data and specs that can speeds progress for an entire industry or make everyone safer by sharing research.”
While the organization may have the public’s interest in mind, such actions can be detrimental to corporations open up discussions about questionable ethics, especially in light of the numerous ransomware attacks during the pandemic.
Analyst and security firm Recorded Future researcher Allan Liska said, “I personally think it’s wrong. Even if you think your intentions are good, I think you’re taking advantage of somebody who had a crime committed against them.”
Meanwhile, it is important to note that DDoSecrets only published data that have already been revealed. Cybercriminals, who can maliciously use that info, could already be browsing these troves or may already be using it.