After the December infection of CyrusOne, the operators of the ransomware known as Sodinokibi made it clear they weren’t happy that victims were able to recover their files without paying the ransom demand. A forum post by a representative of the threat group argues that paying a ransom is much less expensive than recovering from scratch. If victims don’t pay, the representative states, data stolen in the breach will either be sold to competitors or dumped online for free. The group even tries to use potential GDPR fines as a threat. After that December post, it seemed the group was only trying out a scare tactic. Unfortunately, the threat group has finally followed through on its threats by posting a 337MB partial dump of data stolen from Artech Information Systems and promising to sell more sensitive financial information if it does not receive the extortion payment it demanded. This appears to be a move to prove the group is willing to follow the example of the Maze ransomware, which has been publishing victim data since May.