The hackers hiding behind it Sodinokibi Ransomware (REvil) began to urge their partners to copy them data of their victims before they can encrypt of systems. The data who steal will upload to a site to expose them victims that do not pay ransom.
Sodinokibi Ransomware is often used as Ransomware-as-a-Service, where ransomware operators manage the payment portal and software development, while "partners" distribute ransomware.
Then, hackers and associates share the money they get from them victims.
According to the post, hackers of Sodinokibi have created a "blog", in which will publish the stolen data of non-ransom victims. However, you will hold some data, such as social security numbers, to sell them on Dark web.
Unknown said that companies that fall victim to Sodinokibi (REvil) have "serious data privacy issues" and need to negotiate quickly.
Unknown also said he is thinking of other ways to further pressure victims to pay ransom.
One idea she thinks is to send auto-emails to brokerage services, such as NASDAQ, to alert them to attacks on companies and thereby harm the value of their shares.
Following is the text, as translated from Russian:
“… ..Also, we have completed work on a blog that will publish data from broken systems. We have asked all our partners to copy data, so we are confident that this blog will be used effectively. Not all will be available information… .. some information will be put up for sale…. Now we can say for sure that all the companies that have our product have serious problems with it private απόρρητο. Συμβουλεύουμε τις εταιρείες να ξεκινήσουν γρήγορα τις διαπραγματεύσεις, καθώς σχεδιάζουμε να επεκτείνουμε και να βελτιώσουμε αυτό το blog. Σκεφτόμαστε, επίσης να στείλουμε e-mail in brokerage services (for example on the NASDAQ) in order to directly affect the financial position of companies.
Now all the data will be published on this blog.
Sodinokibi's spokesman also published one file 10MB size included economic and tax data a victim. Unknown said he would add more data to the file if the victim did not pay the ransom.
Attacks ransomware should be treated as data breaches!
We have said it before. Most, ransomware attacks should be treated as violations data, as more and more hackers threaten to publish victim data.
The files that the ransomware gangs steal contain not only company information but also personal information of employees and customers.
Therefore, companies should always refer to ransomware attacks to inform everyone involved.