Threat Watch

Sodinokibi Ransomware Increases Ransom Demand For Law Firm

Sodinokibi: The threat actors behind Sodinokibi (also known as REvil) who allegedly stole data from the law firm of Grubman Shire Meiselas & Sacks threatened to publicly release more of the stolen information and doubled their ransom demand from $21 million USD to $42 million. The threat group also claimed that the next collection of information they would publish would be “dirt” on US President Donald Trump. The initial threat from the group had named several celebrities, but the group had not mentioned anything about Mr. Trump until the latest update, and so far, has not provided any proof that they have such information.

ANALYST NOTES

When sensitive data is stolen during a computer intrusion, negotiations can quickly become public and ransom demands can increase dramatically. Law firms that hold non-public information about clients are especially at risk. The strongest position for a victim is to keep detailed logs of computer activity (in particular file access on document stores and large outbound data transfers) and to monitor systems 24 hours a day, so that intrusions are detected and stopped before the attackers have time to find and steal large quantities of data. If a company has detailed logs to investigate, it can determine how much access the attackers had and which files they may have taken. That knowledge helps with negotiations, since the victim will know whether the data the attackers claim to hold was actually at risk. Those logs are only useful if they survive the intrusion, so they should be forwarded to a separate, access-controlled log store rather than left only on the systems the attackers control.
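As an added example of the scoping work the note describes (not code from the original bulletin or from any vendor), the script below parses file-access audit events and answers two questions an incident responder needs before negotiating: which accounts read an unusual number of distinct files in a short window (a bulk-collection pattern), and exactly which files a given account touched during the intrusion window. The log format, the account names and the paths are constructed for this example; a real deployment would feed it Windows object-access events or file-server audit logs instead.

```python
"""Scope file access from audit logs during an intrusion.

Added example with constructed data. The one-line-per-event format
  <ISO-8601 timestamp> <account> <action> <path> <bytes>
is hypothetical, as are the accounts and paths below.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class Event(NamedTuple):
    ts: datetime
    account: str
    action: str   # READ, WRITE or DELETE
    path: str
    nbytes: int


# Constructed sample audit lines: one user session, one service account
# sweeping several client folders in under a minute, one more user read.
SAMPLE_LOG = """\
2020-05-14T01:02:10Z jdoe READ /clients/acme/contract.docx 48213
2020-05-14T01:03:44Z jdoe WRITE /clients/acme/notes.txt 1200
2020-05-14T02:10:01Z svc_backup READ /clients/acme/contract.docx 48213
2020-05-14T02:10:02Z svc_backup READ /clients/acme/notes.txt 1200
2020-05-14T02:10:03Z svc_backup READ /clients/bigco/merger.pdf 2048000
2020-05-14T02:10:05Z svc_backup READ /clients/bigco/board-deck.pptx 5120000
2020-05-14T02:10:07Z svc_backup READ /clients/gamma/engagement-letter.docx 88000
2020-05-14T02:10:09Z svc_backup READ /hr/payroll-2019.xlsx 310000
2020-05-14T02:11:00Z svc_backup READ /hr/payroll-2018.xlsx 300000
2020-05-14T03:30:00Z msmith READ /clients/bigco/merger.pdf 2048000
"""


def parse_log(text: str) -> List[Event]:
    """Parse the constructed format into Event records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, account, action, path, nbytes = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                            account, action, path, int(nbytes)))
    return events


def files_touched(events: List[Event], account: str,
                  start: datetime, end: datetime) -> List[str]:
    """Distinct paths READ by `account` inside [start, end].

    This is the list used to decide which client data was actually at risk.
    """
    return sorted({e.path for e in events
                   if e.account == account and e.action == "READ"
                   and start <= e.ts <= end})


def bytes_read(events: List[Event], account: str,
               start: datetime, end: datetime) -> int:
    """Total bytes READ by `account` in the window: an upper bound on exfiltration volume."""
    return sum(e.nbytes for e in events
               if e.account == account and e.action == "READ"
               and start <= e.ts <= end)


def flag_bulk_readers(events: List[Event], window: timedelta,
                      min_files: int) -> Dict[str, int]:
    """Accounts that READ at least `min_files` distinct paths within any
    sliding time window of length `window`. Returns account -> peak count.
    """
    by_account = defaultdict(list)
    for e in events:
        if e.action == "READ":
            by_account[e.account].append(e)
    flagged = {}
    for account, evs in by_account.items():
        evs.sort(key=lambda e: e.ts)
        lo, peak = 0, 0
        for hi in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[hi].ts - evs[lo].ts > window:
                lo += 1
            peak = max(peak, len({e.path for e in evs[lo:hi + 1]}))
        if peak >= min_files:
            flagged[account] = peak
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    suspects = flag_bulk_readers(evs, timedelta(minutes=5), min_files=5)
    print("bulk readers:", suspects)
    start, end = datetime(2020, 5, 14, 2, 0), datetime(2020, 5, 14, 3, 0)
    for acct in suspects:
        print(acct, bytes_read(evs, acct, start, end), "bytes")
        for p in files_touched(evs, acct, start, end):
            print("  ", p)
```

The thresholds (five distinct files in five minutes here) are placeholders; tune them against a baseline of normal activity, and exclude known bulk readers such as genuine backup jobs by their expected schedule rather than by account name, since attackers favour exactly those accounts.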