Sodinokibi Ransomware Publishes Stolen Data for the First Time

Posted by & filed under Security Alerts.

For the first time, the operators behind the Sodinokibi Ransomware have released files stolen from one of their victims because a ransom was not paid in time.

Since last month, the representatives of the Sodinokibi, otherwise known as REvil, have publicly stated that they would begin to follow Maze’s example and publish data stolen from victims if they do not pay a ransom.

REvil post

While there have been threats made against Travelex and CDH Investments, they have not carried through with them.

This all changed today when the public representative of Sodinokibi stated they beginning to “keep promises” as they posted links to approximately 337MB of allegedly stolen victim files on a Russian hacker and malware forum.

Sodinokibi publishing victim's data
Sodinokibi publishing victim’s data
Source: Damien

They claim this data belongs to Artech Information Systems, who describe themselves as a “minority- and women-owned diversity supplier and one of the largest IT staffing companies in the U.S”, and that they will release more if a ransom is not paid.

“This is a small part of what we have. If there are no movements, we will sell the remaining, more important and interesting commercial and personal data to third parties, including financial details.”

At this time, Artech’s site is down and it is not known if it is due to this attack. BleepingComputer has reached out to Artech with questions related to the ransomware attack, but have not heard back.

As we have been saying over and over, ransomware attacks need to be treated with transparency and as a data breach.

By trying to hide these attacks, and the theft of employee, company, and customer data, companies are not only risking fines and lawsuits but are also putting personal data at risk.

This practice of using stolen data as leverage is not going to go away and is only going to get worse.


The information contained in this website is for general information purposes only. The information is gathered from BLEEPING COMPUTER, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.