Standing By Promise
This is the first time Sodinokibi did it. Not the attack, but disclosing the data. On 11th January this year, the hackers posted links to data files of Artech Information Systems, which identifies itself as one of the largest IT staffing companies in the U.S. Further, it warned them as, While the Artech groups deny the data belonging to them, it has taken its website offline for an unknown reason. No spokesperson from the company has responded to any of the requests yet. Sodinokibi, also known as REvil was been significant in 2018-19 timeline. From the research of several security firms, Sodinokibi is either an evolvement of GandCrab or in association with it, which caused around 40% of ransomware attacks in its active period. This malicious groups operate generally as other players but strongly and quickly. It infects primarily by sending malicious links and dumping payload after accessing the systems. It later hides from threat detectors and steals data from the system to be transported to the attacker. Other victims of Sodinokibi are CDH Investments, New York airport, Travelex. The hacker group is reported to coming at the finals settlements with Travalex’s deal. It’s touted that the group first demanded $3 million as ransom, but doubled the amount you $6 million and threatened Travelex to pay within the stipulated time. Sodinokibi is confident about Travalex’s pay, as in reply to BleepingComputer, the ransom group confirmed that the deal between victim and them will be mutually beneficial.
