For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.
Since last month, Sodinokibi members, better known as REvil, have publicly stated that they would continue to follow Maze’s example and publish data stolen from victims if they did not pay a ransom.
Although threats have been made against Travelex and CDH Investments, they have not been carried out.
All this changed today when Sodinokibi’s public representative said they were beginning to “keep promises” as they posted links to approximately 337 MB of allegedly stolen victim files on a Russian hacker and malware forum.
The attackers say that this data belongs to Artech Information Systems, which identifies itself as a “minority- and women-owned diversity provider and one of the largest IT workers in the U.S.”, and that they will release more if a ransom is not paid.
“This is a small part of what we have. If there are no movements, we will sell the remaining, more important and interesting commercial and personal data to third parties, including financial details.”
As we have been saying over and over, ransomware attacks need to be treated with transparency and as a data breach. We tried to reach out to see if they were able to recover from the attack but we have not heard anything.
By trying to hide these attacks, and the theft of employee, company, and customer data, companies are not only risking fines and lawsuits but are also putting personal data at risk.
This practice of using stolen data as leverage is not going to go away and is only going to get worse.
Expect to see more ransomware operators begin to utilize this practice as it becomes the norm in attacks.