While holding data for ransom or threatening to release stolen information are not new ideas, this is the first time that a major ransomware operator has used this tactic to convince victims to pay ransom demands. Previously, the threat group known as “thedarkoverlord” was known for stealing data and then releasing it when ransoms by the data’s owner were not paid. This new trend has the potential for victim companies to be pressured into paying ransomware operators even if data is properly backed up and could be restored. In the past, regular backups and air-gapped storage of backups have been effective means of recovering from ransomware attacks. Now it is more important than ever to not just back up data, but also prevent attackers from gaining access to steal data. Detecting unusual patterns of data access by internal user accounts and alerting on large outbound data transfers can provide warning that an attack may be in progress. Endpoint Detection and Response (EDR) and monitoring of logs can help defenders spot unusual patterns of behavior before attackers do more damage. Having confidential data and employee information published online can be just as detrimental to a company as having data deleted by ransomware operators. More information on this issue can be found at https://securityaffairs.co/wordpress/96334/cyber-crime/maze-ransomware-southwire.html