The transaction site offers a live chat window for contacting the ransomware criminals, which contains a message threatening the publication of the corporate data copied.
"This is while hidden post, but it will be published after time expired. If you don't pay anyway, we publish download link for all your confidential files.
"You will lose reputation for clients, get different penals because you didn't protected personal data, your competitors or other people from public will use your financial data in their interests. If you don't want that, I recommend you pay money in time.
"We see that you are visiting this page. Contact us to this chat to get us know that you are collecting the payment, because we are going to publish a post about you in the blog already."
While the Herald won't publish the locations of the ransom note and transaction sites, they have been posted on social media.
This opens up the possibility of anyone who finds the transaction site being able to negotiate with the ransomware criminals to buy the data they have taken.
Privacy and data protection partner Richard Wells at Auckland law firm Minter Ellison Rudd Watts warned that anyone buying data taken from someone else via ransomware attacks would likely be committing a crime.
"Since the data would contain personal information, buying it would definitely be interfering with people's privacy," Wells said.
Buying corporate data in this manner would be "an incredibly dumb thing to do" for competing companies, as obtaining the information via illegitimate sources would be a massive reputational risk, he added.
Wells also cautioned that companies paying ransoms could be caught in strict anti-corruption and bribery laws, especially those in the United Kingdom and the United States.
Individuals paying ransoms can do so, but Wells said such deals are risky.
"It's not like there's an enforceable contract or anything with the ransomware criminals," Wells said.
