Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Sodinokibi ransomware gang launches auction site to sell stolen data

REvil /Sodinokibi ransomware operators launch an auction site to sell data stolen from victims that have chosen to not pay the ransom. Sodinokibi ransomware operators are very active in this period, a few days after the gang has leaked the files allegedly stolen from the UK power grid middleman Elexon it has announced to launch […]

sodinokibi gang revil auction

Source BleepingComputer

REvil /Sodinokibi ransomware operators launch an auction site to sell data stolen from victims that have chosen to not pay the ransom.

Sodinokibi ransomware operators are very active in this period, a few days after the gang has leaked the files allegedly stolen from the UK power grid middleman Elexon it has announced to launch an auction site to sell data stolen from victims that have chosen to not pay the ransom.

The Sodinokibi ransomware operators have launched an eBay-like auction site for stolen data where they plan to sell data stolen from the victims.

Recently Sodinokibi ransomware group claimed to have stolen gigabytes of legal documents from the entertainment and law firm Grubman Shire Meiselas & Sacks (GSMLaw) that has dozens of international stars and celebrities among its clients.

The list of clients of the law firm includes famous artists like Chris Brown, Madonna, Lady Gaga, Nicki Minaj, Elton John, Timbaland, Robert de Niro, Usher, U2, and Timbaland.

Now the hackers plan to auction Madonna’s legal documents in a future auction.

The Sodinokibi ransomware operators use exploits to compromise the target’s network and infect the largest number of computers as possible.

In May 2019, threat actors were observed exploiting recently patched critical Oracle WebLogic Server vulnerability to deliver the Sodinokibi ransomware to organizations. In June 2019, the ransomware hit several managed service providers, while in August the same malware infected the company behind DDS Safe solution used by hundreds of dental offices and at least 23 Texas local governments as the result of a coordinated effort.

The Sodinokibi gang also operates a leak site on the dark web where they share samples of stolen files to threatens the victims.

Now the group implemented the new “auction” feature, a first auction is for documents stolen from a Canadian agricultural company that was hacked in May and that refused to pay the ransom.

The starting offer for the auction is $50,000 that could be paid using the Monero cryptocurrency.

sodinokibi gang revil auction
Source BleepingComputer

The gang also threatened to hold an auction for Madonna’s private legal documents stolen from Grubman Shire Meiselas & Sacks (GSMLaw)

The REvil gang published the message “remember Madonna and other people,” suggesting that the files of the music star will be available for auction very soon.

Sodinokibi isn’t the unique ransomware gang that is threatening to publish data of the victims to force to pay the ransom, other gangs are DopplePaymerMazeNefilimNemtyRagnarLocker, and NetWalker.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – ransomware, cybersecurity)

[adrotate banner=”5″]

[adrotate banner=”13″]