Leakware - What it is, how it works, and how to respond

What it is

Leakware is a ransomware tactic that steals sensitive data and threatens to publish it unless you pay. Instead of encrypting files, attackers use exposure as leverage against people and organizations.

How it works - quick tour

  • Initial access via phishing, stolen credentials, or a vulnerable application

  • Discovery and collection of valuable files and mailboxes

  • Exfiltration to attacker servers or cloud storage

  • Extortion emails and shaming sites announce a countdown to leak

What you may notice

  • Sudden logins from unknown locations or unusual data transfers

  • New backup or archiving tools installed without approval

  • “Proof of theft” emails linking to a leak site or sample files

If it hits - first moves

  1. Isolate affected systems and rotate credentials from a clean machine.

  2. Preserve evidence - logs, notes, samples - and alert legal and leadership.

  3. Engage incident response to scope data taken and block persistence.

  4. Notify impacted users and regulators as required - prepare containment messaging.

  5. Tighten egress controls and pursue takedown requests against leak sites.

Prevent it

  • MFA everywhere and least privilege for mail, file shares, and VPN

  • Patch internet-facing services fast and monitor for data exfiltration

  • Encrypt sensitive data at rest and label it for tighter access

  • Use EDR/XDR plus DNS/web filtering to spot staging and upload spikes

  • Keep offline, tested backups - some actors still encrypt as a second punch
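The "unusual data transfers" and "upload spikes" signals above can be turned into a simple sliding-window detection over egress or proxy logs. This is an added example, not code from the original page; the log format, host names, destinations, allowlist and byte thresholds are all constructed for illustration.

```python
from collections import deque, defaultdict
from datetime import datetime, timedelta

# Constructed sample egress log lines (not from any real product):
# "<ISO timestamp> <source host> <destination> <bytes sent>"
SAMPLE_LOGS = """\
2024-05-01T09:00:00 ws-017 mail.example.com 12000000
2024-05-01T09:05:00 ws-017 files.example.com 80000000
2024-05-01T09:10:00 ws-042 mail.example.com 9500000
2024-05-01T22:15:00 ws-017 transfer.unknown.example 350000000
2024-05-01T22:20:00 ws-017 transfer.unknown.example 410000000
2024-05-01T22:30:00 ws-017 transfer.unknown.example 390000000
"""

# Destinations the business expects bulk uploads to (assumed allowlist).
KNOWN_DESTINATIONS = frozenset({"mail.example.com", "files.example.com"})

def parse_line(line):
    ts, host, dst, nbytes = line.split()
    return datetime.fromisoformat(ts), host, dst, int(nbytes)

def find_upload_spikes(log_text, window=timedelta(hours=1),
                       known_threshold=2_000_000_000,
                       unknown_threshold=500_000_000):
    """Return one alert per (host, destination) pair whose outbound bytes
    within a sliding window exceed the threshold. Unknown destinations get
    a lower threshold: a large first-time upload is the classic staging sign."""
    recent = defaultdict(deque)   # (host, dst) -> deque of (timestamp, bytes)
    alerts, already_flagged = [], set()
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    for ts, host, dst, nbytes in events:
        q = recent[(host, dst)]
        q.append((ts, nbytes))
        while q and ts - q[0][0] > window:   # drop events outside the window
            q.popleft()
        total = sum(b for _, b in q)
        limit = known_threshold if dst in KNOWN_DESTINATIONS else unknown_threshold
        if total > limit and (host, dst) not in already_flagged:
            already_flagged.add((host, dst))
            alerts.append({"host": host, "dst": dst, "bytes_in_window": total,
                           "first_seen": q[0][0].isoformat(),
                           "known_destination": dst in KNOWN_DESTINATIONS})
    return alerts

if __name__ == "__main__":
    for alert in find_upload_spikes(SAMPLE_LOGS):
        print(alert)
```

On the sample data this flags only ws-017's late-night transfers to the unknown destination; the daytime traffic to allowlisted hosts stays under its higher limit.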
