Under the Breach researchers first reported the news that the Sodinokibi (also known as REvil) ransomware group were threatening to release around 60,000 customer-related documents and nearly 70,000 financial and work documents allegedly stolen from the company Kenneth Cole. The Sodinokibi operators have been extremely active in the US as of late, with CyrusOne and Synoptek being the most recent targets prior to Kenneth Cole. The REvil threat actors are attempting to force Kenneth Cole to pay the ransom by posting samples of the data and threatening to release the rest if it is not paid in a timely manner.
Analyst Notes
Ransomware operators have increasingly turned to threatening companies with the release of stolen data to force more ransom payments. Stealing data requires the threat actors to stay undetected for a longer period of time while they locate and access the most valuable data sources at a victim company. It is always important to keep anti-virus solutions up-to-date in order to protect against ransomware. Anti-virus can’t stop targeted attacks, however, because the threat actors often change the malware to be unique and ensure that it isn’t detected by anti-virus just before deploying it. Companies should also consider adopting an EDR (Endpoint Detection and Response) plan as part of their defense-in-depth strategy because it can detect attacker behaviors and give analysts a chance to respond before serious damage is done. SOC (Security Operations Center) analysts at Binary Defense work around the clock to monitor client workstations and detect threats to stop them before they become a bigger issue. Keeping secure backups of files offline should also be considered so that they can be recovered if they happen to be compromised.
Source: https://securityaffairs.co/wordpress/98694/malware/sodinokibi-kenneth-cole-data-breach.html
