Sodinokibi Operators Threaten Another Victim

Sodinokibi has struck again, this time threatening to release stolen data from GEDIA Automotive Group. In previous extortion posts, the group tried to use GDPR as a motivator for victims to pay the ransom. This latest post makes no such threat; instead, the group states only that the victim has failed to make contact and that drawings, employee data and customer data will be offered to other criminal actors for one week. If GEDIA Automotive still has not paid a ransom after that week, whatever stolen data has not already been purchased by other criminal actors will be released online for free. The full post by the Sodinokibi group can be read below:

“Now for the tasty. They didn’t get in touch. All computers on the network are encrypted,” as Sodinokibi said on a Russian hacker and malware forum. “More than 50 GB of data was stolen, including drawings, data of employees and customers.

All this is carefully prepared for implementation on the stock exchange of information. What they don’t buy, we’ll post it for free. 7 days before publication.”

Analyst Notes

Always keep anti-virus solutions up to date. When deploying security solutions for the enterprise, consider using an EDR (endpoint detection and response) solution side-by-side with AV products. Using an EDR solution or an MDR (managed detection and response) service can help spot threats before they spread too far. Analysts at the Binary Defense Security Operations Center detect threats on our clients' workstations and servers 24 hours a day and respond quickly to contain infections, preventing minor incidents from becoming a source of major damage across the company. Many ransomware families also seek out network-attached drives when encrypting files, so backups should be taken regularly and stored offline in a secure location. To combat data exfiltration, consider adding a DLP (data loss prevention) solution as another layer of security.