Sodinokibi Ransomware operators threaten to leak ‘dirty’ financial data of a company

Sodinokibi Ransomware operators are threatening to leak a company’s “dirty” financial secrets because they did not pay the ransom.

The operators behind the infamous Sodinokibi Ransomware are threatening to publicly release the “dirty” financial secrets of a company that refused to pay the ransom.

In December, for the first time, the crime gang behind the Maze ransomware, decided to blackmail the victims and force them to pay the ransom.

This move is shocking and brings the ransomware attack to a higher level of threat, we can expect that other cybercrime gangs will adopt a similar strategy to blackmail the victims and force them to pay the ransom.

Other groups, such as the Nemty Ransomware and BitPyLock gangs adopted the same technique in January 2020.

Now Sodinokibi operators are threatening not only to disclose the stolen data, but they are also analyzing the exfiltrated data searching for damaging information to use against the victims.

“In a new post by the Sodinokibi operators to their data leak site, we can see that attackers are not only publishing victim’s data but also sifting through it to find damaging information that can be used against the victim.” reported BleepingComputer the first reported the news.

Sodinokibi operators have found Social Security Numbers and date of births for people in the data stolen from the targeted organization and now are threatening to sell it on the dark web.

Crooks announced that have found “dirty” financial secrets in the data and threaten to leak it.

“It is only a small part of your data and it’s in for now. Every day more and more information will be uploaded.
SSN + DOB + other information about people – will be sold in DarkWeb to people who will use them for their probably “dark deals”.
After revealing people’s personal data, they will be informed who is guilty in publications. There is also other interesting information. Your financial reports are very interesting and “dirty” – these secrets will be revealed a little later to certain people.” reads the message published by the group on the data leak site that includes links to the archive containing the stolen data.

Recently operators behind the Sodinokibi Ransomware threatened to disclose data from the Kenneth Cole fashion firm.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Sodinokibi)

[adrotate banner=”5″]

[adrotate banner=”13″]