Sodinokibi ransomware, which targeted Travelex, releases stolen data of a victim

The operators behind Sodinokibi ransomware intend to sell data stolen from Travelex if there is no response by January 14

A few days ago, the UK-based foreign exchange company Travelex stated that its systems were targeted by Sodinokibi ransomware on New Year's Eve. The company stated that it is negotiating a $6m ransom, as the attackers threatened to release the stolen data, which contains customers' personal information.

The operators behind the ransomware allegedly stole 5GB of unencrypted files and then proceeded to encrypt the company's entire network. Recently, the threat actors released the stolen data of one of their victims because a ransom was not paid in time.

Stolen data published


The threat actors behind this ransomware campaign, also known as REvil, have announced that they will follow the Maze ransomware's example and publish data stolen from their victims if the targeted firms don't pay a ransom.

It should be mentioned that the cybercriminals who launched the Maze ransomware took responsibility for the Pensacola cyberattack and soon afterwards published on their website a full list of their victims, which included the names of the companies.

However, as of now, even though the operators of Sodinokibi have made threats against Travelex and the Chinese company CDH Investments, they have not yet released any details about these firms. After the attack on Travelex, the hackers stated that they had obtained sensitive data, having accessed the network six months ago, and that they intended to sell it if there was no response by January 14.

Sodinokibi Ransomware releases data

On January 11, the threat actors stated they were beginning to "keep promises" and posted links to approximately 337MB of allegedly stolen victim files on a Russian hacker and malware forum, Bleeping Computer reported.

The representative of Sodinokibi also mentioned that the recently released data belongs to Artech Information Systems, which is a "minority- and women-owned diversity supplier and one of the largest IT staffing companies in the US." At this time the site is down, but it is not known whether the attack caused the outage.

The operators also mentioned that they will release more details if their targets fail to pay the ransom. They stated: "This is a small part of what we have. If there are no movements, we will sell the remaining, more important and interesting commercial and personal data to third parties, including financial details."
