A new forum post by the Sodinokibi operators show they are doubling down on their efforts to coerce victims into paying the ransom. Although the group had already begun to follow in the footsteps of others by posting stolen data, all data and announcements were posted on third party forums. According to a recent announcement, the group has finished work on a “blog” for sharing stolen data, falling in line with groups like Maze and the recent DoppelPaymer. Forum user “Unknown” also went on to encourage all affiliates to exfiltrate data as often as possible to convince them that this new blog is worth the effort. Perhaps trying to get ahead of the game after following in the lead of others, Unknown also mentions how the group is considering an automatic email notification to stock markets after a victim has been infected in hopes of affecting company value.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for