In May 2020, the power grid middleman Elexon had its servers infected with Sodinokibi ransomware after a cyberattack. The company reported that the attack affected only internal systems, such as the company email server and employee laptops. The email server was taken down following the incident, and shortly afterwards Elexon announced that it had found the root cause of the attack but did not provide details. Elexon opted not to pay the ransom and relied on backups to restore its data. The Sodinokibi operators responded by publishing around 1,280 files that they allegedly stole from Elexon. These files were copies of employee passports and company insurance application forms. While Elexon itself did not reveal how Sodinokibi made its way into its systems, researchers from Bad Packets stated that the company was running an outdated version of Pulse Secure VPN, which may have been exploited.